Avatar of gedruspax
gedruspaxFlag for United States of America asked on

Blocking All Incoming ICMP Traffic With Cisco ASA 5510

This is a fairly simple question and i'm sure there is a fairly simple answer but for whatever reason I can't seem to get ICMP blocked properly on my external interface of my ASA.  I obviously don't want my external interface to be pingable but no matter what i configure in the ACL I am still able to ping the outside IP from outside of our network.
 
external ip is xxx.xxx.xxx.178.
 
What is the easiest, best practice way to accomplish this?
Hardware FirewallsCiscoNetwork Architecture

Avatar of undefined
Last Comment
gedruspax

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
JFrederick29

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
gedruspax

our outside interface is actually named Outside_INF

so would the command be

conf t
icmp deny any Outside_INF?
JFrederick29

Yeah, exactly.
ASKER
gedruspax

Yup, that worked, thanks so much for your help!
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy