Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Enable ICMP response on OUTSIDE interface based on DNS in ASA

Hello All,

I have what I'm sure is a simple question, but is frustrating me.  I'd like to enable ICMP response on the outside interface of my ASA's to respond to ICMP traffic that is sent from a specific DNS address (an external monitoring service).  Any thoughts on how best to accomplish this?  Thanks in advance.

Issue is the routable IP will change regularly, but the DNS address will remain the same.  A pool of IPs basically.  Thanks in advance,

1 ACCEPTED SOLUTION

Accepted Solutions

Enable ICMP response on OUTSIDE interface based on DNS in ASA

Hello Ronan,

So only ICMP responsed from outside from the Domain-Name of that host

Nah, I do not see this being possible on the ASA at the moment, you will need to use the IP pool as the only method to be restrictive.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
4 REPLIES
Silver

Enable ICMP response on OUTSIDE interface based on DNS in ASA

Well ICMP is always allowed but ISP normally have what is called stick DNS, so my question would be, do you want to restric IP address from reaching the ASA via ICMP and only allow the DNS hosting site

Value our effort and rate the assistance!

Value our effort and rate the assistance!

Enable ICMP response on OUTSIDE interface based on DNS in ASA

Hello Ronan,

So only ICMP responsed from outside from the Domain-Name of that host

Nah, I do not see this being possible on the ASA at the moment, you will need to use the IP pool as the only method to be restrictive.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Silver

Enable ICMP response on OUTSIDE interface based on DNS in ASA

Need help????

Value our effort and rate the assistance!

Value our effort and rate the assistance!
Community Member

Enable ICMP response on OUTSIDE interface based on DNS in ASA

My sincere apologies for not replying sooner.  I've been away and unable to respond quicker.  Thank you very much for your quick answer.  Looks like IP Pool is the way to go in this case.  Once again, thank you.

409
Views
5
Helpful
4
Replies
CreatePlease to create content