Cisco Support Community
New Member

ASA's outside interface can be "pinged" should it be?

Hi, from the Internet I can ping our ASA's outside interface. Should it be like this? If not, how can I stop it?

5 REPLIES
Cisco Employee

Re: ASA's outside interface can be "pinged" should it be?

Yes, by default it's allowed.

Add this to block it:

ASA5510-Single(config)# icmp deny any echo outside

New Member

Re: ASA's outside interface can be "pinged" should it be?

Does it matter if it's "pingable" or should it be locked down?

I only use the ASDM and added the rule at the top of the list as a deny and I could still ping the outside interface?

Cisco Employee

Re: ASA's outside interface can be "pinged" should it be?

Well, sometimes you might need to allow pings to the outside interface for troubleshooting purposes, so there is no harm in allowing echo requests to the outside interface. Moreover, if your ICMP has configured rate limiting on ICMPs, then you don't need to worry about the flood hitting the ASA.

In ASDM you might have added a rule in the ACL to deny this, but this isn't transiting traffic, so the ACL does not work for this.

New Member

Re: ASA's outside interface can be "pinged" should it be?

How do I configure rate limiting on ICMPs?

Re: ASA's outside interface can be "pinged" should it be?

Andy, you may want to try icmp deny any outside
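
Added example, not part of the thread or of any Cisco tooling: a small audit check that reads a saved running-config and reports whether the ASA itself would answer an echo request on a given interface. It looks only at `icmp permit|deny` lines and ignores interface ACLs, which is the distinction made in the replies above. The function names and the sample config are constructed for illustration; it assumes IPv4 rules in the `any`, `host A` and `A mask` forms, first match wins, and a drop when rules exist on the interface but none match.

```python
import ipaddress

# Constructed sample running-config lines (not from the thread's device).
SAMPLE_CONFIG = """\
access-list outside_in extended deny icmp any any echo
access-group outside_in in interface outside
icmp permit host 198.51.100.10 echo outside
icmp deny any echo outside
icmp permit any outside
"""

def parse_icmp_rules(config, ifname):
    """Return (action, network, icmp_type) for each 'icmp' rule on ifname."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        # Only 'icmp permit|deny ...' lines govern traffic to the ASA itself;
        # access-list lines are skipped because they filter transit traffic.
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue
        if tok[-1] != ifname:
            continue
        body = tok[2:-1]
        if body[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), body[1:]
        elif body[0] == "host":
            net, rest = ipaddress.ip_network(body[1] + "/32"), body[2:]
        else:  # "address mask" form
            net, rest = ipaddress.ip_network(f"{body[0]}/{body[1]}"), body[2:]
        rules.append((tok[1], net, rest[0] if rest else None))
    return rules

def echo_answered(config, ifname, source):
    """True if an echo request from source to ifname would be accepted."""
    rules = parse_icmp_rules(config, ifname)
    if not rules:
        return True  # no icmp rules on the interface: ICMP to it is accepted
    src = ipaddress.ip_address(source)
    for action, net, icmp_type in rules:  # first match wins
        if src in net and icmp_type in (None, "echo", "8"):
            return action == "permit"
    return False  # rules exist on the interface but none matched: dropped
```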
