How to deny outside incoming ICMP to ASA 5520

Delfino Tiongco
Level 1

I thought any incoming traffic from the outside interface of an ASA 5520 is denied by default. From home, I can ping the public IP.  Any explanation?

Our 5520 is connected via a DSL router to the cloud. The DSL router is allowing ICMP. I created an access rule to deny any ICMP from the DSL router. To no avail; I can still get a ping reply from the ASA.

Any help/suggestion is appreciated.

Del

6 Replies

Hi,

By default, all traffic from the outside to the inside is denied.

But this applies to pass-thru traffic through the ASA (not to traffic to the ASA itself).

What are you PINGing from the outside?

Federico.

I am pinging from my home to the ASA. There is a DSL router before the ASA, and it is allowing ping.

Panos Kampanakis
Cisco Employee

The ASA will respond to pings by default.

If you are pinging the ASA then use "icmp deny any " on the ASA and it will drop the pings to it.

I hope it helps.

PK

PK

I did write the ACL and I can still ping from the outside. I even tried an ACL to deny ICMP from the DSL router/modem to the ASA. Ping still gets through.

I did not suggest an ACL.

I suggested the command "icmp deny any " on the ASA.

That will do it.

Rate helpful posts.

PK

PK,

That did it!  Thanks.
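
As an added example (not posted by anyone in this thread), the ASA configuration below contrasts the interface ACL approach that did not work with the `icmp` rule that did. The interface name `outside` and the ACL name `outside_in` are assumptions; the unreachable permit line reflects Cisco's documented recommendation to keep ICMP type 3 so path MTU discovery keeps working.

```cisco
! --- Approach that does NOT stop pings to the ASA itself ---
! An ACL bound to an interface with access-group filters traffic
! passing THROUGH the ASA. ICMP addressed to the ASA's own
! interface IP is not evaluated against it.
! (outside_in is a hypothetical ACL name.)
access-list outside_in extended deny icmp any any
access-group outside_in in interface outside

! --- Approach that controls ICMP terminating ON the ASA ---
! The "icmp" command applies to packets destined to the named
! interface of the ASA. Rules are matched in order, and once any
! icmp rule exists for an interface, unmatched ICMP to that
! interface is denied.
!
! Keep unreachables (type 3) so path MTU discovery still works,
! then drop everything else, including echo requests.
icmp permit any unreachable outside
icmp deny any outside

! --- Verification ---
! Show the ICMP rules currently configured for the ASA interfaces.
show running-config icmp
```

After applying the `icmp` rules, repeat the ping from an external host against the ASA's outside address to confirm that echo requests go unanswered.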
