11-02-2012 10:17 PM - edited 03-11-2019 05:18 PM
Hello, I am working on an ASA 5510 on 8.4 IOS and need to know how to limit icmp to just a single host? What I would like to do is be able to PING from the Inside interface 10.X.X.X to host 4.2.2.2 on the Outside, but thats it no other host would be PINGable.
I tried MANY different access-list statements but the only way I can get icmp out and working is using the "fixup protocol icmp" but then everything is PINGable and the ASA does not block anything.
Any help would be great!!!
Thanks!
Solved! Go to Solution.
11-02-2012 10:27 PM
Hello Scott,
Do fixup protocol icmp
access-list inside_in permit icmp host 10.x.x.x host 4.2.2.2
access-list inside_in deny icmp any any
access-list inside_in permit ip any any
access-group inside_in in interface inside
Regards,
11-02-2012 10:27 PM
Hello Scott,
Do fixup protocol icmp
access-list inside_in permit icmp host 10.x.x.x host 4.2.2.2
access-list inside_in deny icmp any any
access-list inside_in permit ip any any
access-group inside_in in interface inside
Regards,
11-02-2012 10:34 PM
You are great! Thanks so much!!!!!!!!!
11-02-2012 10:40 PM
Hey Scott a pleasure to help
Regards,
Julio
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: