02-21-2008 07:06 AM - edited 03-11-2019 05:06 AM
Hi, from the Internet I can ping our ASA's outside interface. Should this be like that? If not, how can I stop it?
02-21-2008 07:40 AM
Yes, by default it's allowed.
Add this to block it:
ASA5510-Single(config)# icmp deny any echo outside
02-21-2008 08:48 AM
Does it matter if it's "pingable" or should it be locked down?
I only use the ASDM and added the rule at the top of the list as a deny and I could still ping the outside interface?
02-21-2008 08:59 AM
Well, sometimes you might need to allow pings to the outside interface for troubleshooting purposes... so there is no harm in allowing echo requests to the outside interface. Moreover, if your ICMP has configured rate limiting on ICMPs, then you don't need to worry about the flood hitting the ASA.
In ASDM you might have added a rule in the ACL to deny this, but this isn't transiting traffic, so the ACL does not work for this.
02-21-2008 01:12 PM
How do I configure rate limiting on ICMPs?
02-21-2008 09:07 AM
Andy, you may want to try icmp deny any outside
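Added example, not part of the thread and not Cisco's code: a Python check that reads the IPv4 `icmp permit|deny` lines of an ASA configuration and reports whether an interface would answer a ping from a given source, which shows why an interface ACL entry alone leaves the outside interface pingable. It assumes the documented ASA behaviour (first matching rule wins, and an implicit deny applies once any `icmp` rule exists for the interface); the sample configuration and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample config for illustration, not taken from the thread.
SAMPLE_CONFIG = """\
access-list outside_in extended deny icmp any any echo
access-group outside_in in interface outside
icmp permit host 192.0.2.10 echo outside
icmp deny any echo outside
icmp permit any inside
"""

def parse_icmp_rules(config):
    """Return ordered (action, network, icmp_type, interface) tuples from 'icmp permit|deny' lines."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue  # interface ACLs are skipped: they only filter traffic passing through the box
        action, rest = tok[1], tok[2:]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # "<address> <mask>" form
            net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        icmp_type = rest[0] if len(rest) == 2 else None  # None means all ICMP types
        rules.append((action, net, icmp_type, rest[-1]))
    return rules

def interface_answers(config, interface, src_ip, icmp_type="echo"):
    """True if the ASA interface itself would accept this ICMP type from src_ip."""
    rules = [r for r in parse_icmp_rules(config) if r[3] == interface]
    if not rules:
        return True  # no icmp rules for this interface: to-the-box ICMP is allowed
    src = ipaddress.ip_address(src_ip)
    for action, net, rule_type, _ in rules:
        if src in net and rule_type in (None, icmp_type):
            return action == "permit"  # first match decides
    return False  # implicit deny once any icmp rule exists for the interface

if __name__ == "__main__":
    for src in ("198.51.100.7", "192.0.2.10"):
        print(src, "-> outside answers echo:", interface_answers(SAMPLE_CONFIG, "outside", src))
```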