We just installed an SA520W to use as a FW/Router with our new Metro Ethernet Internet connection. Our provider "demands" that we allow ICMP-ECHO (type8), ICMP-ECHO-REPLY (type0) and ICMP-TRACEROUTE (type30) to facilitate their monitoring of our service.
They have given me Source IP ranges for the hosts that would be pinging us.
I'm a newbie to firewalls and configs. Is there any way to allow the service provider to 'ping' our router from the pre-determined range of source IPs? When I try to set up a rule for this, the rule wants an internal IP address under destination NAT settings... I have no idea what that would be.
Do I uncheck the "Block Ping to WAN Interface"? That would allow anyone/anything to ping me, right? Is that safe to do?
Yes you can have your provider Ping your SA520W, however, you will need to redirect the ICMP-ECHO (type8), ICMP-ECHO-REPLY (type0) and ICMP-TRACEROUTE (type30) to a physical device either on your LAN or DMZ. You do not want to open the ability for anybody to be able to ping your WAN interface.
What you need to do is first create the internal Service definition for ICMP type 30 and type 0, as these are not predefined. Log into the router, select the Firewall tab, then select Services, and choose Add. Enter the values accordingly. See attached picture.
After adding your services, you need to create an IPv4 firewall rule for each ICMP type to allow each service to be redirected to an internal device on either the LAN or DMZ. Select the Firewall tab, then select IPv4 Rules, select Add... Enter the parameters to match your environment.
See attached bitmap showing firewall rule to allow remote IP address range 188.8.131.52 to 184.108.40.206 to be able to ping a device on DMZ.
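The rule logic described in this thread (listed ICMP types from the provider's source range only, everything else blocked), as an added example that is not part of the original answer and is not SA520W configuration. It is a Python model for checking a planned rule set before entering it in the GUI; the address range and the names `PROVIDER_RANGES`, `evaluate` and `audit` are assumptions made for illustration.

```python
import ipaddress

# Constructed placeholder range (RFC 5737 documentation addresses); substitute
# the source range supplied by the provider.
PROVIDER_RANGES = [("203.0.113.10", "203.0.113.20")]

# ICMP types named in the thread: echo request, echo reply, traceroute.
ALLOWED_ICMP_TYPES = {8, 0, 30}


def in_range(addr, start, end):
    """Inclusive start-end match, as an address-range firewall rule does."""
    ip = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(start) <= ip <= ipaddress.IPv4Address(end)


def evaluate(src_ip, icmp_type, ranges=PROVIDER_RANGES):
    """Return 'ALLOW' only for a listed ICMP type from a listed source range;
    everything else falls through to the default 'BLOCK'."""
    try:
        from_provider = any(in_range(src_ip, s, e) for s, e in ranges)
    except ipaddress.AddressValueError:
        return "BLOCK"  # malformed source address never matches an allow rule
    if from_provider and icmp_type in ALLOWED_ICMP_TYPES:
        return "ALLOW"
    return "BLOCK"


def audit(packets):
    """Evaluate constructed (src, type) samples and return the decisions."""
    return [(src, t, evaluate(src, t)) for src, t in packets]


if __name__ == "__main__":
    # Constructed sample traffic: in-range, boundary, out-of-range, wrong type.
    samples = [
        ("203.0.113.10", 8),   # first address in range, echo request
        ("203.0.113.20", 30),  # last address in range, traceroute
        ("203.0.113.21", 8),   # one past the end of the range
        ("198.51.100.7", 8),   # unrelated internet host
        ("203.0.113.15", 13),  # provider source, timestamp request (not listed)
    ]
    for src, t, verdict in audit(samples):
        print(f"{src:15} type {t:<3} {verdict}")
```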