Welcome to Cisco Firewalls Community


ASA 8.4 Access-List Help

Hello, I am working on an ASA 5510 on 8.4 IOS and need to know how to limit icmp to just a single host. What I would like to do is be able to PING from the Inside interface 10.X.X.X to host 4.2.2.2 on the Outside, but that's it; no other host would be PINGable.

I tried MANY different access-list statements but the only way I can get icmp out and working is using the "fixup protocol icmp" but then everything is PINGable and the ASA does not block anything.

Any help would be great!!!

Thanks!

Accepted Solutions

ASA 8.4 Access-List Help

Hello Scott,

Do fixup protocol icmp

access-list inside_in permit icmp host 10.x.x.x host 4.2.2.2
access-list inside_in deny icmp any any
access-list inside_in permit ip any any
access-group inside_in in interface inside

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
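
The ACL in the answer depends on entries being checked top-down with the first match deciding the packet. The sketch below is an added example, not part of the original post and not Cisco code: a small Python evaluator for only the `permit|deny PROTO any|host` forms used above. It assumes 10.0.0.5 as a stand-in for the masked 10.x.x.x host and 8.8.8.8 as a constructed "other" destination, and it models only the inbound ACL on the inside interface, not ICMP inspection or return traffic.

```python
import ipaddress

# ACL from the answer; 10.0.0.5 is a constructed stand-in for the masked 10.x.x.x host.
ACL = """\
access-list inside_in permit icmp host 10.0.0.5 host 4.2.2.2
access-list inside_in deny icmp any any
access-list inside_in permit ip any any
"""

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of tokens."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse 'access-list NAME permit|deny PROTO SRC DST' lines, in order."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        if tokens[0] != "access-list" or len(tokens) < 6 or tokens[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line}")
        rest = tokens[4:]
        rules.append((tokens[2], tokens[3], parse_addr(rest), parse_addr(rest)))
    return rules

def evaluate(rules, proto, src, dst):
    """Return (action, entry number); the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, r_proto, r_src, r_dst) in enumerate(rules, 1):
        if r_proto in ("ip", proto) and s in r_src and d in r_dst:
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    rules = parse_acl(ACL)
    # Constructed test packets; 8.8.8.8 is just "some other outside host".
    for pkt in [("icmp", "10.0.0.5", "4.2.2.2"), ("icmp", "10.0.0.5", "8.8.8.8"),
                ("icmp", "10.0.0.9", "4.2.2.2"), ("tcp", "10.0.0.9", "8.8.8.8")]:
        print(pkt, "->", evaluate(rules, *pkt))
    # Swapping the last two entries shows why order matters: 'permit ip any any'
    # now matches first and the ICMP deny is never reached.
    swapped = [rules[0], rules[2], rules[1]]
    print("swapped:", evaluate(swapped, "icmp", "10.0.0.5", "8.8.8.8"))
```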

ASA 8.4 Access-List Help

You are great! Thanks so much!!!!!!!!!

ASA 8.4 Access-List Help

Hey Scott, a pleasure to help.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC