Solved

i want to allow ping out the network but i dont want outside int to respond to ping

Posted on 2006-11-07
4
165 Views
Last Modified: 2010-04-09
can i accomplish this with fixup? I don't want my outside IP responding to pings, however, from inside, i want to be able to ping\trace to the outside.
0
Comment
Question by:jaysonfranklin
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17894434
Not with fixup.
The command you want is "icmp", with an acl to allow icmp messages originating from an internal request

 icmp deny any any outside <== prevents the outside interface from responding to ping
\\-- you must integrate the following with any existing inbound access-list

 access-list outside_in permit icmp any any echo-reply
 access-list outside_in permit icmp any any unreachable
 access-list outside_in permit icmp any any time-exceeded



 




0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 17899077
So i don't specify 'icmp deny any any outside echo-reply', unreachable, etc.? just plain old 'deny any any ouside' seems to be working but all i've done is ping it. I just don't want it showing up in any kind of scan. acl seems fine. thanks dood!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17899807
icmp deny any any command is your key to cloaking yourself from the world..
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 17899980
Sweet. Thanks for sharing.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Watchguard test environment ? 3 76
Opening Port 80 10 66
Sonicwall Email los and Alerts 1 63
SQL Server Communications Audit 5 110
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question