Blocking unsolicited echo-reply from the outside of firewall

What is the easiest way to stop unsolicited ICMP echo-reply packets coming from the outside of a Cisco ASA 5500 firewall?

1 REPLY

Hi,

The firewall should now allow any ICMP Echo replies through the firewall if it hasn't seen an Echo for that same reply.

Instead of allowing inbound ICMP from the WAN with an ACL, you should configure ICMP inspection.

In a very default ASA configuration they would be added in the following way:

policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error

Hope this helps

- Jouni
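
Added example, not part of the original reply and not Cisco's implementation: a simplified Python model of the request/reply matching that stateful ICMP inspection relies on, showing why an echo-reply with no matching outbound echo is dropped. The class name, addresses and identifiers are constructed for illustration; session timeouts, checksum validation and ICMP error handling are not modelled.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8

def parse_icmp_echo(payload):
    """Return (type, identifier, sequence) for echo/echo-reply headers, else None."""
    if len(payload) < 8:
        return None
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", payload[:8])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        return None
    return icmp_type, ident, seq

class IcmpInspector:
    """Hypothetical model: remembers outbound echoes, permits one matching reply each."""
    def __init__(self):
        self.pending = set()  # (inside_ip, outside_ip, identifier, sequence)

    def outbound(self, src, dst, payload):
        parsed = parse_icmp_echo(payload)
        if parsed and parsed[0] == ECHO_REQUEST:
            self.pending.add((src, dst, parsed[1], parsed[2]))
        return "permit"

    def inbound(self, src, dst, payload):
        parsed = parse_icmp_echo(payload)
        if parsed is None or parsed[0] != ECHO_REPLY:
            return "deny"  # this model only decides echo replies
        key = (dst, src, parsed[1], parsed[2])
        if key in self.pending:
            self.pending.discard(key)  # one reply per request
            return "permit"
        return "deny"  # unsolicited: no echo was seen for this reply

def icmp(icmp_type, ident, seq):
    """Build a constructed 8-byte ICMP echo header (checksum left at 0)."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

def demo():
    fw, inside, outside = IcmpInspector(), "10.0.0.5", "198.51.100.7"
    fw.outbound(inside, outside, icmp(ECHO_REQUEST, 0x1234, 1))
    fw.outbound(inside, outside, icmp(ECHO_REQUEST, 0x1234, 2))
    return [
        fw.inbound(outside, inside, icmp(ECHO_REPLY, 0x1234, 1)),        # solicited
        fw.inbound(outside, inside, icmp(ECHO_REPLY, 0x1234, 1)),        # duplicate
        fw.inbound(outside, inside, icmp(ECHO_REPLY, 0x9999, 1)),        # unknown identifier
        fw.inbound("203.0.113.9", inside, icmp(ECHO_REPLY, 0x1234, 2)),  # wrong source
        fw.inbound(outside, inside, icmp(ECHO_REPLY, 0x1234, 2)),        # solicited
    ]

if __name__ == "__main__":
    print(demo())
```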
