ASA 5505 disable ping reply

Unanswered Question
Jun 1st, 2007
User Badges:

when my pix failed I switch over rapidly to a asa 5505


two of my external ip address say 1.1.1.x and 1.1.1.y are replying to ping replies from the internet. one address is used in my outside interface and the other is used in my route outside command


interface Vlan2

nameif outside

security-level 0

ip address 1.1.1.x 255.255.x.y


te outside 0.0.0.0 0.0.0.0 1.1.1.y 1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sun, 06/03/2007 - 00:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


For your asa you need to deny ping replies from the outside interface. Attached is a link that explains how the asa responds to ping and how to deny it


http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f9fd.html#wp1631466


As for the 1.1.1.y that is presumably the upstream router from your asa. There is nothing you can do on the asa to stop this responding to pings. You need to log onto the router and use an access-list to prevent this happening


The router might be managed by your ISP. If so you need to talk to them but they may well require it for troubleshooting purposes.


HTH


Jon

Actions

This Discussion