05-06-2005 12:41 PM - edited 02-21-2020 12:07 AM
Greetings,
I would like to block any ICMP requests from the outside; returning host unreachable, etc.
Would the syntax be something like:
icmp deny host 1.2.3.4.5 echo-reply outside
I would also like to permit ICMP from inside to outside.
What would the syntax be for this entry? Thanks.
05-12-2005 10:56 AM
You could simply apply an access-list that would block all ICMP traffic from outside. This is because when we apply an access-list to the interface facing the internet, packets coming in are checked against that access-list and will be dropped. I guess this would be an effective way of dropping ICMP messages.
05-21-2005 06:00 AM
Are you talking about how a PIX handles ICMP packets directed at its interfaces? You WANT returning host unreachable, as blocking it will break path MTU detection.
By default, a PIX allows all ICMP to its interfaces. Adding any ICMP rules will change this behavior.
icmp permit any unreachable outside
This should effectively allow that and disallow all other ICMP to the outside interface.
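The distinction the thread turns on is that the PIX "icmp" command only governs ICMP packets addressed to the firewall's own interfaces, while ICMP passing through the PIX between inside and outside is governed by access-lists. The fragment below is an added illustration, not configuration posted by anyone in this thread; the interface names "outside" and "inside" are assumed from the question.

```cisco
! ICMP addressed to the PIX's own interfaces (the "icmp" command).
! Once any icmp rule exists for an interface, every ICMP type not
! explicitly permitted on that interface is denied.
! Keep unreachable so path MTU discovery toward the firewall still works.
icmp permit any unreachable outside
! Explicit catch-all for everything else aimed at the outside interface
! (echo, echo-reply, redirects, ...); this is also the implicit default
! once the rule above exists.
icmp deny any outside
! Hosts on the inside may still ping the inside interface.
icmp permit any inside
```

Checking behaviour after applying this: a ping to the outside interface address from the internet should now time out, while an oversized packet that hits a smaller MTU beyond the PIX should still elicit the unreachable (fragmentation needed) message. ICMP from inside hosts to outside destinations is unaffected by these lines; that is controlled by the access-lists applied with "access-group", as the earlier reply describes.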