Default settings, Configuring icmp access – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

Configuring ICMP Access

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines

The ASA does not respond to ICMP echo requests directed to a broadcast address.

The ASA only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot
send ICMP traffic through an interface to a far interface.

Default Settings

By default, you can send ICMP packets to any ASA interface using either IPv4 or IPv6.

Configuring ICMP Access

To configure ICMP access rules, enter one of the following commands:

Detailed Steps

Command (For IPv4):

icmp {permit | deny} {host ip_address | ip_address mask | any} [icmp_type] interface_name

Example:

hostname(config)# icmp deny host 10.1.1.15 inside

Purpose:

Creates an IPv4 ICMP access rule. If you do not specify an icmp_type, all
types are identified. You can enter the number or the name. To control ping,
specify echo-reply (0) (ASA-to-host) or echo (8) (host-to-ASA). See the
“ICMP Types” section on page B-15 for a list of ICMP types.

Command (For IPv6):

ipv6 icmp {permit | deny} {ipv6-prefix/prefix-length | any | host ipv6-address} [icmp-type] interface_name

Example:

hostname(config)# ipv6 icmp permit host fe80::20d:88ff:feee:6a82 outside

Purpose:

Creates an IPv6 ICMP access rule. If you do not specify an icmp-type, all
types are identified. You can enter the number or the name. To control ping,
specify echo-reply (0) (ASA-to-host) or echo (8) (host-to-ASA). See the
“ICMP Types” section on page B-15 for a list of ICMP types.

Examples

The following example shows how to allow all hosts except the one at 10.1.1.15 to use ICMP to the inside
interface:

hostname(config)# icmp deny host 10.1.1.15 inside

hostname(config)# icmp permit any inside
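An added example, not taken from the Cisco guide: a short Python audit helper that parses IPv4 icmp rules in the syntax given above and evaluates the two example lines, showing why the deny line has to precede permit any. It assumes the ASA checks rules per interface in order, stops at the first match, and applies an implicit deny once an interface has any rule; the function names and the shadowed-rule check are this example's own.

```python
import ipaddress

ICMP_NAMES = {"echo-reply": 0, "echo": 8}  # the two type names this page mentions

def parse_rule(line):
    """Parse: icmp {permit|deny} {host ip | ip mask | any} [icmp_type] interface_name"""
    tok = line.split("#", 1)[-1].split()  # tolerate a 'hostname(config)#' prompt
    if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
        raise ValueError("not an IPv4 icmp rule: " + line)
    action, rest = tok[1], tok[2:]
    if rest[0] == "any":
        net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    elif rest[0] == "host":
        net, rest = ipaddress.ip_network(rest[1]), rest[2:]
    else:  # ip_address mask
        net, rest = ipaddress.ip_network(rest[0] + "/" + rest[1]), rest[2:]
    if len(rest) not in (1, 2):
        raise ValueError("expected [icmp_type] interface_name: " + line)
    icmp_type = None  # no icmp_type given: the rule covers every type
    if len(rest) == 2:  # types other than the two names above: by number only here
        icmp_type = ICMP_NAMES[rest[0]] if rest[0] in ICMP_NAMES else int(rest[0])
    return {"action": action, "net": net, "type": icmp_type, "iface": rest[-1]}

def icmp_allowed(rules, src, icmp_type, iface):
    """Assumed ASA semantics: first match wins, implicit deny after the last rule."""
    scoped = [r for r in rules if r["iface"] == iface]
    if not scoped:
        return True  # no rules on this interface: the default permit stated on the page
    addr = ipaddress.ip_address(src)
    for r in scoped:
        if addr in r["net"] and r["type"] in (None, icmp_type):
            return r["action"] == "permit"
    return False

def shadowed(rules):
    """Rules that can never match because an earlier rule on the interface covers them."""
    return [r for i, r in enumerate(rules)
            if any(e["iface"] == r["iface"] and r["net"].subnet_of(e["net"])
                   and e["type"] in (None, r["type"]) for e in rules[:i])]

# The page's two example lines, then the same lines in the opposite order.
PAGE_ORDER = [parse_rule(l) for l in ("hostname(config)# icmp deny host 10.1.1.15 inside",
                                      "hostname(config)# icmp permit any inside")]
REVERSED = PAGE_ORDER[::-1]

if __name__ == "__main__":
    for name, rules in (("page order", PAGE_ORDER), ("reversed", REVERSED)):
        print(name, icmp_allowed(rules, "10.1.1.15", 8, "inside"), len(shadowed(rules)))
```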
