06-22-2010 01:46 PM - edited 03-11-2019 11:02 AM
I thought any incoming traffic from the outside interface of an ASA 5520 is denied by default. From home, I can ping the public IP. Any explanation?
Our 5520 is connected via DSL router to the cloud. The DSL is allowing ICMP. I created an access rule to deny any ICMP from the DSL router. To no avail; I can still get a ping reply from the ASA.
Any help/suggestion is appreciated.
Del
06-22-2010 02:02 PM
Hi,
By default, all traffic from the outside to the inside is denied.
But this applies to pass-thru traffic through the ASA (not to traffic to the ASA itself).
What are you PINGing from the outside?
Federico.
06-23-2010 10:50 AM
I am pinging from my home to the ASA. There is a DSL router before the ASA and it is allowing ping.
06-22-2010 02:51 PM
The ASA will respond to pings by default.
If you are pinging the ASA then use "icmp deny any
I hope it helps.
PK
06-23-2010 10:52 AM
PK
I did write the ACL and I can still ping from the outside. I even tried an ACL to deny ICMP from the DSL router/modem to the ASA. Ping still gets through.
06-23-2010 11:15 AM
I did not suggest an ACL.
I suggested the command "icmp deny any
That will do it.
Rate helpful posts.
PK
06-23-2010 12:01 PM
PK,
That did it! Thanks.
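The distinction the thread turns on, as an added example (not part of any post above and not Cisco code): a small audit that reads a running-config excerpt and reports whether the ASA itself would answer an echo request on a given interface. It looks only at IPv4 `icmp permit|deny` rules, because interface ACLs filter pass-through traffic and not traffic addressed to the ASA. The config excerpt, the ACL name `OUTSIDE_IN`, the interface name `outside`, the sample addresses and both function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed running-config excerpt (not from the thread): an interface ACL
# denying ICMP, as the original poster tried, with no "icmp" rules configured.
ACL_ONLY = """\
interface GigabitEthernet0/0
 nameif outside
access-list OUTSIDE_IN extended deny icmp any any
access-group OUTSIDE_IN in interface outside
icmp unreachable rate-limit 1 burst-size 1
"""
# Same excerpt plus a to-the-box rule. The interface name "outside" is assumed.
WITH_ICMP_RULE = ACL_ONLY + "icmp deny any outside\n"

def icmp_rules(config, ifname):
    """Parse 'icmp permit|deny <source> [type] <ifname>' lines (IPv4 forms only)."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue  # skips ACL lines and 'icmp unreachable rate-limit ...'
        if tok[-1] != ifname:
            continue
        src = tok[2:-1]
        if src[0] in ("any", "any4"):
            net, rest = ipaddress.ip_network("0.0.0.0/0"), src[1:]
        elif src[0] == "host":
            net, rest = ipaddress.ip_network(src[1] + "/32"), src[2:]
        else:  # address followed by a dotted netmask
            net, rest = ipaddress.ip_network(src[0] + "/" + src[1]), src[2:]
        rules.append((tok[1], net, rest[0] if rest else None))
    return rules

def echo_to_box(config, ifname, source_ip):
    """Return 'permit' or 'deny' for an echo request sent to the ASA interface."""
    rules = icmp_rules(config, ifname)
    if not rules:
        return "permit"  # no icmp rules on this interface: the ASA answers pings
    src = ipaddress.ip_address(source_ip)
    for action, net, icmp_type in rules:  # first matching rule wins
        if src in net and icmp_type in (None, "echo", "8"):
            return action
    return "deny"  # implicit deny once any icmp rule exists for the interface

if __name__ == "__main__":
    for name, cfg in (("ACL only", ACL_ONLY), ("ACL + icmp rule", WITH_ICMP_RULE)):
        print(name, "->", echo_to_box(cfg, "outside", "203.0.113.10"))
```

A `permit` verdict for an Internet-facing interface means the device still answers pings, whatever the interface ACL says.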