Solved

i want to allow ping out the network but i dont want outside int to respond to ping

Posted on 2006-11-07
4
177 Views
Last Modified: 2010-04-09
can i accomplish this with fixup? I don't want my outside IP responding to pings, however, from inside, i want to be able to ping\trace to the outside.
0
Comment
Question by:jaysonfranklin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 17894434
Not with fixup.
The command you want is "icmp", with an acl to allow icmp messages originating from an internal request

 icmp deny any any outside <== prevents the outside interface from responding to ping
\\-- you must integrate the following with any existing inbound access-list

 access-list outside_in permit icmp any any echo-reply
 access-list outside_in permit icmp any any unreachable
 access-list outside_in permit icmp any any time-exceeded



 




0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 17899077
So i don't specify 'icmp deny any any outside echo-reply', unreachable, etc.? just plain old 'deny any any ouside' seems to be working but all i've done is ping it. I just don't want it showing up in any kind of scan. acl seems fine. thanks dood!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17899807
icmp deny any any command is your key to cloaking yourself from the world..
0
 
LVL 1

Author Comment

by:jaysonfranklin
ID: 17899980
Sweet. Thanks for sharing.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question