security to stop icmp packet from outside

Unanswered Question
Sep 28th, 2010
User Badges:

what is the command i can use in

asa 5510 and 5520 to stop icmp packet of my public ip to ruin attac

k of DOS after certain amount of time . lets say 5 minutes i want to stop icmp service of my public ip interface3



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Tue, 09/28/2010 - 06:54
User Badges:
  • Cisco Employee,

You can specifically only stop suspicious icmp packet from outside, however, you can turn on basic threat detection feature and change the icmp rate. Threat detection will be applied globally (not interface specific).

Here is the command to change the threat detection rate for your reference:

Hope that helps.

r.kukreja Tue, 09/28/2010 - 08:15
User Badges:

I AM using 7.0 version i did not find any command like threat-de

tection kindly help. can it be configure with cbac access

list with time range limit

Jennifer Halim Tue, 09/28/2010 - 15:50
User Badges:
  • Cisco Employee,

Unfortunately you can't configure CBAC on ASA to check the rate of ICMP, and threat-detection is only available from version 8.0.2 onwards and has become more stable on the latest version (8.2.x).


This Discussion