Avatar of wannabecraig
wannabecraigFlag for Ireland asked on

How do I stop a ASA 5505 responding to ping from outside


I have an asa 5505 that is currently responding to ping from the internet.
How do I configure it so it does not reply to pings?

Avatar of undefined
Last Comment

8/22/2022 - Mon

You will need to add a rule to block the requests.

icmp deny <ip> <mask> <interface>


is this as an incoming rule on the outside interface?

I've blocked any ICMP from any source to the outside interface. But I still get a reply.

Thats correct. If your not familiar with the cli use the ASDM wizards which will help you through this.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes

I've used the ASDM to check that this was okay. It looks fine to be honest but I still get a reply.
Any ideas? Any more info you need?

When you say replies what do you mean? IF you are pinging from inside the network then from what you have explained this is proper behavior. You have only blocked ICMP from outside-in so internal pings will still echo.


I have a second iNet connection on the internet that gets a reply. I'll try it from home to make sure and let you know tomorrow.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

If you are using ASDM 6.2 GUI, you will need to:

1) Connect to your device
2) Click on 'Configuration' (Toolbar at top)
3) Click on 'Device Management' (Navigation List - Bottom Left)
4) Expand 'Management Access'
5) Click on 'ICMP'
6) Add your rule as follows:
ICMP Type: any
Interface: outside
Action: deny
IP Address:   Any Address checkbox


1) Click on Tools (Menu Bar)
2) Click on 'Command Line Interface...'
3) Click on 'Multiple Line'
4) Type the following into the Text Box:
icmp deny any outside

Open in new window

5) Click on the 'Send' button

Make sure, in either case, you Apply changes and save your changes to memory.