Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
0
Helpful
3
Replies

disable the icmp on the edge asr1001 facing internet

raymond wang
Level 1
Level 1

‎01-19-2015 06:52 AM - edited ‎03-07-2019 10:17 PM

Hello,

Since the asr 1001 is facing the internet i would like to disable the ping for security purpose. I understand I can create a ACL to stop the ping packets from internet. Once concern is this might cause the capacity issue. 

Is there any other ways to disable the ping on the asr1001?

 

Thanks

 

Ray

Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎01-19-2015 07:03 AM

Hi,

Is should not cause capacity issue. You can create an access-list and apply it to the interface facing the internet and block ICMP.  It should be in "in" direction and also make sure you have all your permit statements before you putting in the deny statements.

HTH

0 Helpful

raymond wang
Level 1
Level 1
In response to Reza Sharifi

‎01-19-2015 07:19 AM

ok. If that is the case, I do not worry about it then.

 

Thanks to reply.

0 Helpful

Bilal Nawaz
VIP Alumni
VIP Alumni
In response to raymond wang

‎01-19-2015 09:51 PM

For Internet edge, the ASRs I have configured out there have had ZBFW to protect the SELF zone as well as some inside zones.

If you are in to security like me and run some vulnerability scans (Qualys) in my case the results came back completely clean.

If it is only pings you want to stop a simple ACL will do but normally one would think about protecting the router in other ways too.

e.g. CoPP, ZBFW

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card