Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

icmp traffic

Status
Not open for further replies.
khaledeshah

khaledeshah

ISP
Joined
Jan 1, 2001
Messages
84
Location
LY
Hi
I have servers behind PIX & I want to restrict ICMP traffic to those servers, so is all types of ICMP I must restrict ?
 
Sort by date Sort by votes
If you are not wanting any icmp traffic to come to those servers than there is nothing that you need to do. By default nothing is allowed inbound that didn't originate from an outbound connection. If you want to make sure that no icmp traffic can get to your inside network then just add...

access-list inbound deny icmp any any

I hope this helps

Dave
 
Upvote 0 Downvote
Remember you need three pieces, a static mapping to the server, an access-list to permit the traffic, and an access-group statement to apply the access-list to the outside interface.

You would only use one of the two access-list commands in the following example. The first one opens you wide for pings to anything. The second only allows you to ping to the external IP of the server in question.

Add more access-list and static lines for more servers.

static (inside,outside) 1.2.3.4 192.168.10.10 netmask 255.255.255.255 0 0
access-list fromout permit icmp any any
access-list fromout permit icmp any host 1.2.3.4
access-group fromout in interface outside

hope this helps,
-gbiello
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Russtoleum
  • Locked
  • Question Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
394
Russtoleum
Russtoleum
xylax
  • Locked
  • Question Question
Redirecting HTTP traffic from INSIDE to OUTSIDE using ASA NATs
Replies
0
Views
220
xylax
xylax
negley97
  • Locked
  • Question Question
XTM505 - would like to block all smtp traffic out except for Exchange server
Replies
2
Views
363
negley97
negley97
pbxnkey
  • Locked
  • Question Question
Redirect DNS traffic from the inside to the outside
Replies
2
Views
298
pbxnkey
pbxnkey
kdnations
  • Locked
  • Question Question
ASA 5510 traffic dropped
Replies
2
Views
247
kdnations
kdnations

Part and Inventory Search

Sponsor

Back
Top