ASA 8.4 Access-List Help

wolfunr04
Level 1

Hello, I am working on an ASA 5510 on 8.4 IOS and need to know how to limit ICMP to just a single host. What I would like to do is be able to PING from the Inside interface 10.X.X.X to host 4.2.2.2 on the Outside, but that's it; no other host would be PINGable.

I tried MANY different access-list statements but the only way I can get icmp out and working is using the "fixup protocol icmp" but then everything is PINGable and the ASA does not block anything.

Any help would be great!!!

Thanks!

1 Accepted Solution

Julio Carvajal
VIP Alumni

Hello Scott,

Do fixup protocol icmp

access-list inside_in permit icmp host 10.x.x.x host 4.2.2.2

access-list inside_in deny icmp any any

access-list inside_in permit ip any any

access-group inside_in in interface inside

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
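
An added example, not part of the original answer and not Cisco code: a small first-match evaluator run over the ACL posted above, showing which probes it permits and what happens if `permit ip any any` is moved to the top. It models only the ACL lookup on traffic entering the inside interface (no ICMP inspection, NAT or return traffic), and 10.1.1.10 / 10.1.1.11 are constructed addresses standing in for the masked 10.x.x.x host and a second inside host.

```python
import ipaddress

# The accepted answer's ACL. 10.1.1.10 is a constructed stand-in for the
# inside host that the thread masks as 10.x.x.x.
ACL = """\
access-list inside_in permit icmp host 10.1.1.10 host 4.2.2.2
access-list inside_in deny icmp any any
access-list inside_in permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{word}/{tokens.pop(0)}")

def parse_acl(text):
    """Return [(action, proto, src_net, dst_net)] in configured order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "access-list":
            continue
        tokens = tokens[2:]                 # drop 'access-list NAME'
        if tokens[0] == "extended":         # optional keyword
            tokens.pop(0)
        action, proto = tokens.pop(0), tokens.pop(0)
        rules.append((action, proto, _take_addr(tokens), _take_addr(tokens)))
    return rules

def evaluate(rules, proto, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_proto, src_net, dst_net in rules:
        if rule_proto in ("ip", proto) and src in src_net and dst in dst_net:
            return action
    return "deny"

def verdicts(rules):
    """Evaluate four constructed probes: allowed ping, two other pings, TCP."""
    probes = [("icmp", "10.1.1.10", "4.2.2.2"), ("icmp", "10.1.1.10", "8.8.8.8"),
              ("icmp", "10.1.1.11", "4.2.2.2"), ("tcp", "10.1.1.11", "8.8.8.8")]
    return [evaluate(rules, *p) for p in probes]

if __name__ == "__main__":
    rules = parse_acl(ACL)
    print("as posted:      ", verdicts(rules))
    print("permit ip first:", verdicts(rules[2:] + rules[:2]))
```

With the entries in the posted order only the ping from the one host to 4.2.2.2 passes the ICMP lines; with `permit ip any any` first, every probe is permitted because the ICMP entries are never reached.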

3 Replies

You are great! Thanks so much!!!!!!!!!

Hey Scott, a pleasure to help.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC