Re: Cisco ASA & Ping

Ciscouser20188 · ‎12-13-2018

Is this possible?

My goal is to block ping reply from ASA outside interface, but to allow ping reply to group of hosts to the outside interface

my config right now

icmp permit any unreachable outside

with the above config, the ASA outside interface do not respond to ping (which is what I want)

now I would like 10 hosts located on the internet to ping the outside interface (would this setup be possible?)

Thank you

Sheraz.Salim · ‎12-13-2018

yes this is possible

icmp permit any unreachable outside

icmp permit host 8.8.8.8 outside

please rate me if i help you.

please do not forget to rate.

Ciscouser20188 · ‎12-13-2018

I know about this, but what if I have 30 hosts?

I tried icmp permit but the object group is not an option

I even tried creating access list and applying to the outside interface, with no luck

Sheraz.Salim · ‎12-13-2018

yes I lab this up and tried with access-list no luck and even with object-group does not show up either.

please do not forget to rate.

Ciscouser20188 · ‎12-13-2018

right same here..

I created an access-list and and also created a Icmp service option will all icmp services..no luck.

I believe I read somewhere about using control plane access-list...I will look into that.