Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

security to stop icmp packet from outside

what is the command i can use in

asa 5510 and 5520 to stop icmp packet of my public ip to ruin attac

k of DOS after certain amount of time . lets say 5 minutes i want to stop icmp service of my public ip interface3

Thanks

Rajat

3 REPLIES
Super Bronze

Re: security to stop icmp packet from outside

You can specifically only stop suspicious icmp packet from outside, however, you can turn on basic threat detection feature and change the icmp rate. Threat detection will be applied globally (not interface specific).

Here is the command to change the threat detection rate for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/t.html#wp1526399

Hope that helps.

New Member

Re: security to stop icmp packet from outside

I AM using 7.0 version i did not find any command like threat-de

tection kindly help. can it be configure with cbac access

list with time range limit

Super Bronze

Re: security to stop icmp packet from outside

Unfortunately you can't configure CBAC on ASA to check the rate of ICMP, and threat-detection is only available from version 8.0.2 onwards and has become more stable on the latest version (8.2.x).

185
Views
0
Helpful
3
Replies