Blocking unsolicited echo-reply from the outside of firewall

dnbsection
Level 1

What is the easiest way to stop unsolicited ICMP echo-reply packets coming from the outside of a Cisco ASA 5500 firewall?

Jouni Forss
VIP Alumni

Hi,

The firewall should now allow any ICMP Echo replies through the firewall if it hasn't seen an Echo for that same reply.

Instead of allowing inbound ICMP from the WAN with an ACL, you should configure ICMP Inspection.

In a very default ASA configuration they would be added in the following way:

policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error

Hope this helps

- Jouni
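
The request/reply matching that the answer above relies on, as an added example that is not part of the original thread and not Cisco's implementation: a simplified Python model that passes an inbound echo-reply only when a matching outbound echo was seen, and only once. The packet fields, the 2-second timeout, the addresses and the sample traffic are all constructed assumptions.

```python
from dataclasses import dataclass

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers (RFC 792)

@dataclass(frozen=True)
class IcmpPacket:
    ts: float        # capture time in seconds
    direction: str   # "out" = inside to outside, "in" = outside to inside
    src: str
    dst: str
    icmp_type: int
    ident: int       # ICMP identifier
    seq: int         # ICMP sequence number

class EchoTracker:
    """Tracks outstanding echo requests; timeout is an assumed value."""
    def __init__(self, timeout=2.0):
        self.timeout = timeout
        self.pending = {}  # (inside, outside, ident, seq) -> time request was seen

    def process(self, pkt):
        # Forget requests that have waited longer than the timeout.
        self.pending = {k: t for k, t in self.pending.items()
                        if pkt.ts - t <= self.timeout}
        if pkt.direction == "out" and pkt.icmp_type == ECHO_REQUEST:
            self.pending[(pkt.src, pkt.dst, pkt.ident, pkt.seq)] = pkt.ts
            return "allow"
        if pkt.direction == "in" and pkt.icmp_type == ECHO_REPLY:
            key = (pkt.dst, pkt.src, pkt.ident, pkt.seq)
            # pop() consumes the entry, so a second identical reply is dropped.
            return "allow" if self.pending.pop(key, None) is not None else "drop"
        return "not-modelled"  # other ICMP types are outside this sketch

# Constructed sample traffic (private and documentation address ranges).
SAMPLE = [
    IcmpPacket(0.0, "out", "10.0.0.5", "203.0.113.7", ECHO_REQUEST, 1, 1),
    IcmpPacket(0.1, "in", "203.0.113.7", "10.0.0.5", ECHO_REPLY, 1, 1),   # solicited
    IcmpPacket(0.2, "in", "203.0.113.7", "10.0.0.5", ECHO_REPLY, 1, 1),   # duplicate
    IcmpPacket(0.3, "in", "198.51.100.9", "10.0.0.5", ECHO_REPLY, 7, 1),  # unsolicited
    IcmpPacket(1.0, "out", "10.0.0.5", "203.0.113.7", ECHO_REQUEST, 1, 2),
    IcmpPacket(5.0, "in", "203.0.113.7", "10.0.0.5", ECHO_REPLY, 1, 2),   # too late
]

def verdicts(packets, timeout=2.0):
    tracker = EchoTracker(timeout)
    return [tracker.process(p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, verdicts(SAMPLE)):
        print(f"{pkt.ts:4.1f} {pkt.direction:3} {pkt.src} -> {pkt.dst} {verdict}")
```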
