Solved

Blocking All Incoming ICMP Traffic With Cisco ASA 5510

Posted on 2010-11-16
Last Modified: 2012-05-10
This is a fairly simple question and I'm sure there is a fairly simple answer, but for whatever reason I can't seem to get ICMP blocked properly on the external interface of my ASA. I obviously don't want my external interface to be pingable, but no matter what I configure in the ACL I am still able to ping the outside IP from outside of our network.

External IP is xxx.xxx.xxx.178.
 
What is the easiest, best practice way to accomplish this?
Question by:gedruspax
4 Comments
 
Accepted Solution

by:
JFrederick29 earned 250 total points
ID: 34145488
ICMP to and from the ASA itself is not controlled via the interface access-lists.

Use the following:

conf t
icmp deny any outside

Author Comment

by:gedruspax
ID: 34145532
Our outside interface is actually named Outside_INF.

So would the command be

conf t
icmp deny any Outside_INF?

Expert Comment

by:JFrederick29
ID: 34145560
Yeah, exactly.

Author Comment

by:gedruspax
ID: 34145565
Yup, that worked, thanks so much for your help!
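
The behaviour described in the accepted answer can be checked offline against a saved running-config. The following Python check is an added example, not code from this thread or from Cisco: it parses `icmp permit|deny` lines and applies the ASA's first-match evaluation (an interface with no `icmp` rules accepts ICMP sent to it; once any rule exists, unmatched ICMP is denied). The config fragments are constructed, 203.0.113.10 is a documentation address, and the `unreachable` permit line is a variant beyond the thread, following Cisco's recommendation to keep type 3 allowed so path MTU discovery keeps working.

```python
import ipaddress

# Constructed config fragments (not taken from a real device).
NO_RULES = "icmp unreachable rate-limit 1 burst-size 1\n"
DENY_ALL = NO_RULES + "icmp deny any Outside_INF\n"
# Variant beyond the thread: keep type 3 (unreachable) for path MTU discovery.
DENY_KEEP_PMTUD = (NO_RULES + "icmp permit any unreachable Outside_INF\n"
                   "icmp deny any Outside_INF\n")

def parse_icmp_rules(config):
    """Return {interface: [(action, network, icmp_type or None), ...]} in config order."""
    rules = {}
    for line in config.splitlines():
        tok = line.split()
        # Skip unrelated lines such as "icmp unreachable rate-limit ..."
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue
        action, rest = tok[1], tok[2:]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # "<ip_address> <mask>" form
            net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        icmp_type = rest[0] if len(rest) == 2 else None  # optional type before if_name
        rules.setdefault(rest[-1], []).append((action, net, icmp_type))
    return rules

def asa_accepts(rules, interface, src, icmp_type):
    """Would the ASA itself accept this ICMP message arriving on `interface`?"""
    if interface not in rules:
        return True  # no icmp rules on the interface: default is to accept
    for action, net, rule_type in rules[interface]:
        if ipaddress.ip_address(src) in net and rule_type in (None, icmp_type):
            return action == "permit"  # first match wins
    return False  # implicit deny once any rule exists

if __name__ == "__main__":
    for name, cfg in [("no rules", NO_RULES), ("deny all", DENY_ALL),
                      ("deny, keep unreachable", DENY_KEEP_PMTUD)]:
        rules = parse_icmp_rules(cfg)
        for icmp_type in ("echo", "unreachable"):
            verdict = asa_accepts(rules, "Outside_INF", "203.0.113.10", icmp_type)
            print(f"{name:24} {icmp_type:12} accepted={verdict}")
```

Interface ACLs are not consulted here, which matches the accepted answer: only the `icmp` rule list governs ICMP addressed to the ASA's own interface.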