i want to allow ping out the network but i dont want outside int to respond to ping

can i accomplish this with fixup? I don't want my outside IP responding to pings, however, from inside, i want to be able to ping\trace to the outside.
LVL 1
jaysonfranklinAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
lrmooreConnect With a Mentor Commented:
Not with fixup.
The command you want is "icmp", with an acl to allow icmp messages originating from an internal request

 icmp deny any any outside <== prevents the outside interface from responding to ping
\\-- you must integrate the following with any existing inbound access-list

 access-list outside_in permit icmp any any echo-reply
 access-list outside_in permit icmp any any unreachable
 access-list outside_in permit icmp any any time-exceeded



 




0
 
jaysonfranklinAuthor Commented:
So i don't specify 'icmp deny any any outside echo-reply', unreachable, etc.? just plain old 'deny any any ouside' seems to be working but all i've done is ping it. I just don't want it showing up in any kind of scan. acl seems fine. thanks dood!
0
 
lrmooreCommented:
icmp deny any any command is your key to cloaking yourself from the world..
0
 
jaysonfranklinAuthor Commented:
Sweet. Thanks for sharing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.