Cisco Support Community

New Member

How to disable to ping outside from my public ip

Dear Folks,

We have a Cisco ASA 5505 and we are using one public IP, 155.155.155.9, so I want to disable ping from outside to this IP, but not affect our site-to-site and remote VPN connections.

The only thing I need is to disable ping to the public IP from outside.

Thank you guys.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Re: How to disable to ping outside from my public ip

for that, the icmp-config would be the following:

icmp deny any echo outside

icmp permit any outside

echo requests get dropped, but all the other icmp types are still allowed.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
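A small model of the rule evaluation discussed in this thread (first match per interface, and once an interface has any icmp entry, everything not explicitly permitted is denied), added here as an example and not posted by any participant. It is Python, not ASA code; the function names, the source address 198.51.100.7 and the reversed-order config are constructed for illustration.

```python
import ipaddress

# Constructed configs: the accepted answer, the blanket deny, and a reversed order.
ACCEPTED = "icmp deny any echo outside\nicmp permit any outside"
DENY_ALL = "icmp deny any outside"
REVERSED = "icmp permit any outside\nicmp deny any echo outside"

def parse_icmp_rules(config):
    """Parse 'icmp permit|deny <source> [icmp_type] <if_name>' lines, keeping their order."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue  # not an icmp access rule (e.g. rate-limit settings)
        action, rest = tok[1], tok[2:]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # "<address> <netmask>" form
            net = ipaddress.ip_network(rest[0] + "/" + rest[1], strict=False)
            rest = rest[2:]
        # What remains is "[icmp_type] if_name"; no type means every ICMP type.
        icmp_type = rest[0] if len(rest) == 2 else None
        rules.append((action, net, icmp_type, rest[-1]))
    return rules

def verdict(rules, if_name, src, icmp_type):
    """First matching rule decides; with rules present, no match means deny."""
    on_if = [r for r in rules if r[3] == if_name]
    if not on_if:
        return "permit"  # no icmp rules on this interface: nothing is filtered
    addr = ipaddress.ip_address(src)
    for action, net, rtype, _ in on_if:
        if addr in net and rtype in (None, icmp_type):
            return action
    return "deny"  # implicit deny at the end of the list

def report(config, if_name="outside", src="198.51.100.7"):
    """Verdict per ICMP type for packets addressed to the ASA interface itself."""
    rules = parse_icmp_rules(config)
    types = ("echo", "echo-reply", "unreachable", "time-exceeded")
    return {t: verdict(rules, if_name, src, t) for t in types}

if __name__ == "__main__":
    for name, cfg in (("accepted", ACCEPTED), ("deny all", DENY_ALL), ("reversed", REVERSED)):
        print(name, report(cfg))
```

The reversed order shows why the deny line has to come first: with the permit entry on top, echo requests match it and are never dropped.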
7 REPLIES
VIP Purple

How to disable to ping outside from my public ip

ICMP-traffic that is sent to the ASA is controlled with the command "icmp". With this command you can permit and deny certain ICMP-types per interface. The command works in a way that is comparable to an ACL. If you have one entry in your configuration, then everything that is not explicitly allowed is denied. So make sure you don't deny needed unreachables and these things.

Here is the configuration-guide for this function:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_management.html#wp1093364

If you tried to block this traffic with your interface-ACL, you should remove the entries. Traffic to the ASA is never controlled with interface ACLs. (I just mention this because I have seen too many configs where this traffic is configured on the interface-ACLs.)



How to disable to ping outside from my public ip

Hi Thomas,

I hope you have configured the public ip on the outside interface (nameif outside e 0/0). If that is the case, apply the below mentioned command. It will deny the icmp traffic to the outside.

icmp deny any outside

Please do rate if the given information helps.

By

Karthik

New Member

How to disable to ping outside from my public ip

Thank you very much karsten.iwen and Karthikeyan Natarajan.

Yes, I configured the public IP for the outside interface (name outside 0/0), but I want all other traffic to not be affected. The only thing I want is to stop other public IP addresses of the world from pinging my outside interface.

Thank you again.


Re: How to disable to ping outside from my public ip

Hi Thomas,

Yup. Karsten is correct. That will work. It will block only ICMP echo packets (ping).

Please do rate if the given info helps.

By

Karthik

New Member

How to disable to ping outside from my public ip

This works for me.

Thanks a lot guys, God bless you. I can't count how many times I said thank you to you.

How to disable to ping outside from my public ip

You are always welcome friend. This community always helps and shares whatever we have!!!

by

Karthik
