How to block Pinging the ASA 5506 outside interface ?

gihansvn24
Level 1

I have configured a Cisco ASA and set up the VPN configuration. Everything is working fine. The ASA outside interface is pingable (from the internet), which is a security threat. How can I block only pinging of the outside interface without interrupting the functions of the ASA? I have tried the following, but it does not seem to be working.

outside IP = 169.215.243.X

ASA Version 9.3(2)2

access-list BLOCK_PING deny icmp any host 169.251.243.X echo-reply

access-group BLOCK_PING in interface outside

 

Accepted Solutions

The ACL you configured is only for traffic that gets sent through the ASA; traffic to the ASA is controlled in different ways. For ICMP, you can deny pinging the ASA and allow all other ICMP with the following config:

icmp deny any echo outside
icmp permit any outside

Disallowing all ICMP is also possible:

icmp deny any outside

The "truth" is probably somewhere between both options. It's your choice.
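
A small model of how the ASA evaluates `icmp` rules for traffic addressed to itself, as an added example that is not part of the original post and is not Cisco code. It assumes the short `icmp {permit|deny} any [type] <interface>` form used above, first-match ordering, and the implicit deny that applies once any `icmp` rule exists on an interface; `UNREACHABLE_ONLY` is a constructed sample of a setting between the two options.

```python
# Added example: models to-the-box ICMP filtering on an ASA interface.
# Only the short form "icmp {permit|deny} any [icmp_type] <ifname>" is parsed.

def parse_icmp_rules(config, interface):
    """Return the ordered (action, icmp_type or None) rules for one interface."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        # access-list/access-group lines filter traffic THROUGH the ASA, so
        # they are skipped: only "icmp" lines govern traffic TO the ASA.
        if len(tok) not in (4, 5) or tok[0] != "icmp":
            continue
        if tok[1] not in ("permit", "deny") or tok[2] != "any" or tok[-1] != interface:
            continue
        rules.append((tok[1], tok[3] if len(tok) == 5 else None))
    return rules

def asa_answers(config, interface, icmp_type):
    """True if the ASA itself would accept this ICMP type on the interface."""
    rules = parse_icmp_rules(config, interface)
    if not rules:
        return True              # default: no icmp rules means ICMP is accepted
    for action, rule_type in rules:
        if rule_type is None or rule_type == icmp_type:
            return action == "permit"   # first matching rule wins
    return False                 # implicit deny after any configured icmp rule

def summary(config):
    return {t: asa_answers(config, "outside", t) for t in ("echo", "unreachable")}

# Sample configs: the first three come from the thread, the last is constructed.
ACL_ONLY = """access-list BLOCK_PING deny icmp any host 169.251.243.X echo-reply
access-group BLOCK_PING in interface outside"""
DENY_ECHO = """icmp deny any echo outside
icmp permit any outside"""
DENY_ALL = "icmp deny any outside"
UNREACHABLE_ONLY = "icmp permit any unreachable outside"  # keeps path MTU discovery

if __name__ == "__main__":
    for name in ("ACL_ONLY", "DENY_ECHO", "DENY_ALL", "UNREACHABLE_ONLY"):
        print(f"{name:17}", summary(globals()[name]))
```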
