ASA 5505 disable ping reply

Unanswered Question
Jun 1st, 2007

when my pix failed I switch over rapidly to a asa 5505

two of my external ip address say 1.1.1.x and 1.1.1.y are replying to ping replies from the internet. one address is used in my outside interface and the other is used in my route outside command

interface Vlan2

nameif outside

security-level 0

ip address 1.1.1.x 255.255.x.y

te outside 0.0.0.0 0.0.0.0 1.1.1.y 1

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sun, 06/03/2007 - 00:22

Hi

For your asa you need to deny ping replies from the outside interface. Attached is a link that explains how the asa responds to ping and how to deny it

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f9fd.html#wp1631466

As for the 1.1.1.y that is presumably the upstream router from your asa. There is nothing you can do on the asa to stop this responding to pings. You need to log onto the router and use an access-list to prevent this happening

The router might be managed by your ISP. If so you need to talk to them but they may well require it for troubleshooting purposes.

HTH

Jon

Actions

This Discussion