Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

i want to allow ping out the network but i dont want outside int to respond to ping

Posted on 2006-11-07
4
Medium Priority
?
185 Views
Last Modified: 2010-04-09
can i accomplish this with fixup? I don't want my outside IP responding to pings, however, from inside, i want to be able to ping\trace to the outside.
0
Comment
Question by:jaysonfranklin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 17894434
Not with fixup.
The command you want is "icmp", with an acl to allow icmp messages originating from an internal request

 icmp deny any any outside <== prevents the outside interface from responding to ping
\\-- you must integrate the following with any existing inbound access-list

 access-list outside_in permit icmp any any echo-reply
 access-list outside_in permit icmp any any unreachable
 access-list outside_in permit icmp any any time-exceeded



 




0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 17899077
So i don't specify 'icmp deny any any outside echo-reply', unreachable, etc.? just plain old 'deny any any ouside' seems to be working but all i've done is ping it. I just don't want it showing up in any kind of scan. acl seems fine. thanks dood!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17899807
icmp deny any any command is your key to cloaking yourself from the world..
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 17899980
Sweet. Thanks for sharing.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question