<div>
If you disable ICMP to an interface on the ASA doesn't mean you can't ping those IP addresses, it just means that the ASA interface won't respond. If you're using a rule to do this and not the ICMP management console, then you would just need to modify to point to those IP addresses.<br />
Otherwise, you will create rule in the ASDM on the outside interface to permit any to those IP's using the ICMP protocol.
</div>


If you disable ICMP to an interface on the ASA doesn't mean you can't ping those IP addresses, it just means that the ASA interface won't respond. If you're using a rule to do this and not the ICMP management console, then you would just need to modify to point to those IP addresses.
Otherwise, you will create rule in the ASDM on the outside interface to permit any to those IP's using the ICMP protocol.

<div>
We'll first you need to allow the pings from a host or network then DO THE DENY at the END like this<br />

<pre><code id="code-20-42738498-1">icmp permit host 123.123.123.123 outside
icmp deny any outside</code></pre>
If you need to add one, then remove the deny, add the new ip/range, then add the deny again....<br />

<pre><code id="code-20-42738498-2">no icmp deny any outside
icmp permit 123.123.123.0 255.255.255.0 outside
icmp deny any outside</code></pre>
How do you know if you got it right?<br />
<br />
use the following command<br />

<pre><code id="code-20-42738498-3">show run | incl icmp</code></pre>
And make sure the permits are BEFORE the denies<br />
<br />
Pete
</div>


We'll first you need to allow the pings from a host or network then DO THE DENY at the END like this


icmp permit host 123.123.123.123 outside
icmp deny any outside

If you need to add one, then remove the deny, add the new ip/range, then add the deny again....


no icmp deny any outside
icmp permit 123.123.123.0 255.255.255.0 outside
icmp deny any outside

How do you know if you got it right?

use the following command


show run | incl icmp

And make sure the permits are BEFORE the denies

Pete

Network Manager

zito2000

<div>
<div class="content wysiwyg-content">
Hello,<br />
I have a Cisco ASA FPR-2110. &nbsp;I am running ASA code and I'm using ASDM.<br />
I have Pings blocked so external sources can't ping my WAN interface.<br />
<br />
How do I, through ASDM, allow pings only to a certain set of public IP's?
</div>
</div>


Hello,
I have a Cisco ASA FPR-2110.  I am running ASA code and I'm using ASDM.
I have Pings blocked so external sources can't ping my WAN interface.

How do I, through ASDM, allow pings only to a certain set of public IP's?

Turn On Pings To External Interface

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).