allow-embedded-icmp
Syntax
allow-embedded-icmp;
Hierarchy Level
[edit security flow]
Description
Allow ICMP error packets to pass through the device even when there is no session match for the embedded packet. Once enabled, all packets encapsulated in ICMP pass through and no policy affects this behavior. This feature is useful when you have asymmetric routing in your network and you want to use traceroute and other ICMP applications on your device.
The default behavior is to inspect the IP packet which is embedded in the ICMP error packet. If the embedded packet is part of an existing session, the ICMP packet is allowed to pass through. If there is no match, it is dropped. Without the allow-embedded-icmp option configured, the default behavior applies.
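The default check and the effect of the option, shown as a simplified Python model. This is an added example, not Junos OS code. The session table, function names and sample addresses are constructed for illustration, and dropping packets whose quoted header cannot be parsed is an assumption of the model.

```python
import socket
import struct

ICMP_ERRORS = {3, 4, 5, 11, 12}  # unreachable, source quench, redirect, time exceeded, parameter problem

def embedded_flow(icmp):
    """Return (proto, src, sport, dst, dport) of the IPv4 packet quoted in an ICMP error, else None."""
    if len(icmp) < 8 + 20 or icmp[0] not in ICMP_ERRORS:
        return None
    inner = icmp[8:]                       # quoted IP header follows the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        return None
    proto = inner[9]
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport = dport = 0
    if proto in (6, 17) and len(inner) >= ihl + 4:   # TCP/UDP ports are in the first 4 quoted bytes
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

def verdict(icmp, sessions, allow_embedded_icmp=False):
    """Model of the decision for an ICMP error packet arriving at the device."""
    if allow_embedded_icmp:
        return "pass"                      # no session lookup, no policy evaluation
    flow = embedded_flow(icmp)
    if flow is None:
        return "drop"                      # assumption: unparseable quote is treated as no match
    proto, src, sport, dst, dport = flow
    reverse = (proto, dst, dport, src, sport)
    return "pass" if flow in sessions or reverse in sessions else "drop"

def build_time_exceeded(src, sport, dst, dport):
    """Constructed sample: ICMP time-exceeded quoting a UDP traceroute probe (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + udp

if __name__ == "__main__":
    sessions = {(17, "10.0.0.5", 40000, "192.0.2.9", 33434)}   # probe that left via this device
    seen = build_time_exceeded("10.0.0.5", 40000, "192.0.2.9", 33434)
    # Asymmetric routing: this probe left through another path, so no session exists here.
    unseen = build_time_exceeded("10.0.0.6", 40001, "192.0.2.9", 33435)
    print(verdict(seen, sessions), verdict(unseen, sessions),
          verdict(unseen, sessions, allow_embedded_icmp=True))
```

The third result is the trade-off to weigh before enabling the option: ICMP errors quoting flows the device has never seen are forwarded as well.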
Required Privilege Level
security—To view this in the configuration.
security-control—To add this to the configuration.
Release Information
Statement introduced in Junos OS Release 12.3X48-D10.