07-20-2012 07:31 AM
Dear Folks,
We have a Cisco ASA 5505 and we are using one public IP of 155.155.155.9, so i wanna disable ping to this IP from outside, but not affect our site to site and remote VPN connections,
the only thing i need is to disable ping to the public IP from outside
thank you guys
07-20-2012 07:53 AM
ICMP traffic that is sent to the ASA is controlled with the command "icmp". With this command you can permit and deny certain ICMP types per interface. The command works in a way that is comparable to an ACL. If you have one entry in your configuration, then everything that is not explicitly allowed is denied. So make sure you don't deny needed unreachables and these things.
Here is the configuration-guide for this function:
If you tried to block this traffic with your interface ACL, you should remove the entries. Traffic to the ASA is never controlled with interface ACLs. (I just mention this because I have seen too many configs where this traffic is configured on the interface ACLs.)
07-20-2012 09:21 AM
Hi Thomas,
I hope you have configured the public IP on the outside interface (nameif outside e 0/0). If that is the case, apply the command mentioned below. It will deny the icmp traffic to the outside.
icmp deny any outside
Please do rate if the given information helps.
By
Karthik
07-20-2012 10:35 AM
thank you very much karsten.iwen and Karthikeyan Natarajan
yes i configured the public ip for the outside interface (name outside 0/0) but i want all other traffic to not be affected, the only thing i want is that other public ip addresses of the world cannot ping my outside interface
thank you again
07-20-2012 02:11 PM
for that, the icmp-config would be the following:
icmp deny any echo outside
icmp permit any outside
echo requests get dropped, but all the other icmp types are still allowed.
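
The first-match behaviour described in the answers above, as an added example that is not part of the original thread: a simplified Python model of how the ASA applies "icmp" rules to traffic addressed to its own interface. It assumes source "any" only; the function names and the DENY_ECHO_ALONE and REVERSED configs are constructed for illustration.

```python
# Added example: simplified model of ASA "icmp" rule evaluation for traffic
# sent TO an ASA interface. Only lines with source "any" are supported.
TYPES = ("echo", "echo-reply", "unreachable", "time-exceeded")

def parse_rules(config):
    """Parse lines of the form: icmp {permit|deny} any [icmp_type] <interface>."""
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if (len(tok) not in (4, 5) or tok[0] != "icmp"
                or tok[1] not in ("permit", "deny") or tok[2] != "any"):
            raise ValueError(f"unsupported line: {line!r}")
        icmp_type = tok[3] if len(tok) == 5 else None  # None matches every type
        rules.append((tok[1], icmp_type, tok[-1]))
    return rules

def decide(rules, interface, icmp_type):
    """Return 'permit' or 'deny' for one ICMP type arriving on one interface."""
    on_if = [r for r in rules if r[2] == interface]
    if not on_if:
        return "permit"            # no icmp rules on this interface: allowed
    for action, rule_type, _ in on_if:
        if rule_type is None or rule_type == icmp_type:
            return action          # first matching rule wins
    return "deny"                  # implicit deny once any rule exists

def summarize(config, interface="outside"):
    rules = parse_rules(config)
    return {t: decide(rules, interface, t) for t in TYPES}

# Configs from the thread
DENY_ALL = "icmp deny any outside"
ECHO_ONLY = "icmp deny any echo outside\nicmp permit any outside"
# Constructed variants: missing permit line, and reversed order
DENY_ECHO_ALONE = "icmp deny any echo outside"
REVERSED = "icmp permit any outside\nicmp deny any echo outside"

if __name__ == "__main__":
    for name, cfg in [("DENY_ALL", DENY_ALL), ("ECHO_ONLY", ECHO_ONLY),
                      ("DENY_ECHO_ALONE", DENY_ECHO_ALONE), ("REVERSED", REVERSED)]:
        print(f"{name:16}", summarize(cfg))
```

In this model, the single deny line without the following permit also drops unreachables through the implicit deny, and reversing the two lines lets echo through because the permit matches first.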
07-21-2012 10:47 PM
Hi Thomas,
Yup. Karsten is correct. That will work. It will block only icmp echo packets (ping).
Please do rate if the given info helps.
By
Karthik
07-30-2012 03:10 AM
This works for me
Thanks a lot guys, God bless you, i can't count how many times i said thank you to you
07-30-2012 03:17 AM
You are always welcome friend. This community always helps and shares whatever we have!!!
by
Karthik