EasyManuals Logo
Home>Cisco>Firewall>ASA 5512-X

Cisco ASA 5512-X Cli Configuration Guide

Cisco ASA 5512-X
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1006 background imageLoading...
Page #1006 background image
1-12
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Management Access
Configuring ICMP Access
Configuring ICMP Access
To configure ICMP access rules, enter one of the following commands:
Detailed Steps
Examples
The following example shows how to allow all hosts except the one at 10.1.1.15 to use ICMP to the inside
interface:
hostname(config)# icmp deny host 10.1.1.15 inside
hostname(config)# icmp permit any inside
The following example shows how to allow the host at 10.1.1.15 to use only ping to the inside interface,
enter the following command:
hostname(config)# icmp permit host 10.1.1.15 inside
The following example shows how to deny all ping requests and permit all packet-too-big messages (to
support path MTU discovery) at the outside interface:
hostname(config)# ipv6 icmp deny any echo-reply outside
hostname(config)# ipv6 icmp permit any packet-too-big outside
The following example shows how to permit host 2000:0:0:4::2 or hosts on prefix 2001::/64 to ping the
outside interface:
hostname(config)# ipv6 icmp permit host 2000:0:0:4::2 echo-reply outside
hostname(config)# ipv6 icmp permit 2001::/64 echo-reply outside
hostname(config)# ipv6 icmp permit any packet-too-big outside
Command Purpose
(For IPv4)
icmp {permit | deny} {host ip_address |
ip_address mask | any} [icmp_type]
interface_name
Example:
hostname(config)# icmp deny host 10.1.1.15
inside
Creates an IPv4 ICMP access rule. If you do not specify an icmp_type, all
types are identified. You can enter the number or the name. To control ping,
specify echo-reply (0) (ASA-to-host) or echo (8) (host-to-ASA). See the
“ICMP Types” section on page 1-15 for a list of ICMP types.
(For IPv6)
ipv6 icmp {permit | deny}
{ipv6-prefix/prefix-length | any | host
ipv6-address} [icmp-type] interface_name
Example:
hostname(config)# icmp permit host
fe80::20d:88ff:feee:6a82 outside
Creates an IPv6 ICMP access rule. If you do not specify an icmp_type, all
types are identified. You can enter the number or the name. To control ping,
specify echo-reply (0) (ASA-to-host) or echo (8) (host-to-ASA). See
the“ICMP Types” section on page 1-15 for a list of ICMP types.

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Configuration Guide
Configuration Guide428 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
BrandCisco
ModelASA 5512-X
CategoryFirewall
LanguageEnglish

Related product manuals