We have a Cisco ASA 5580 and the outside interface has a public IP address, and we noticed we can ping this address from the Internet. I did a packet capture on the outside interface and confirmed the pings and the IP address sending the pings. The 5580 does not have an access list allowing ICMP, so I'm not sure what is allowing the pings to this interface.
I appreciate the reply, but neither of those commands is configured on the ASA, there are no inspect statements allowing ICMP, and only the implicit deny access rule is configured on the outside interface, so I'm still confused as to what is allowing the pings to the outside interface.
Jouni, thanks for the reply, as I was under the impression the ASA denies ICMP by default unless manually allowed. Either there is something I'm missing, or we have a bug based on the version and/or configuration we have, or I'm wrong in assuming pings are denied by default.