EasyManuals Logo

Cisco ASA 5540 User Manual

Cisco ASA 5540
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1006 background imageLoading...
Page #1006 background image
1-12
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Management Access
Configuring ICMP Access
Configuring ICMP Access
To configure ICMP access rules, enter one of the following commands:
Detailed Steps
Examples
The following example shows how to allow all hosts except the one at 10.1.1.15 to use ICMP to the inside
interface:
hostname(config)# icmp deny host 10.1.1.15 inside
hostname(config)# icmp permit any inside
The following example shows how to allow the host at 10.1.1.15 to use only ping to the inside interface,
enter the following command:
hostname(config)# icmp permit host 10.1.1.15 inside
The following example shows how to deny all ping requests and permit all packet-too-big messages (to
support path MTU discovery) at the outside interface:
hostname(config)# ipv6 icmp deny any echo-reply outside
hostname(config)# ipv6 icmp permit any packet-too-big outside
The following example shows how to permit host 2000:0:0:4::2 or hosts on prefix 2001::/64 to ping the
outside interface:
hostname(config)# ipv6 icmp permit host 2000:0:0:4::2 echo-reply outside
hostname(config)# ipv6 icmp permit 2001::/64 echo-reply outside
hostname(config)# ipv6 icmp permit any packet-too-big outside
Command Purpose
(For IPv4)
icmp {permit | deny} {host ip_address |
ip_address mask | any} [icmp_type]
interface_name
Example:
hostname(config)# icmp deny host 10.1.1.15
inside
Creates an IPv4 ICMP access rule. If you do not specify an icmp_type, all
types are identified. You can enter the number or the name. To control ping,
specify echo-reply (0) (ASA-to-host) or echo (8) (host-to-ASA). See the
“ICMP Types” section on page 1-15 for a list of ICMP types.
(For IPv6)
ipv6 icmp {permit | deny}
{ipv6-prefix/prefix-length | any | host
ipv6-address} [icmp-type] interface_name
Example:
hostname(config)# icmp permit host
fe80::20d:88ff:feee:6a82 outside
Creates an IPv6 ICMP access rule. If you do not specify an icmp_type, all
types are identified. You can enter the number or the name. To control ping,
specify echo-reply (0) (ASA-to-host) or echo (8) (host-to-ASA). See
the“ICMP Types” section on page 1-15 for a list of ICMP types.

Table of Contents

Other manuals for Cisco ASA 5540

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5540 and is the answer not in the manual?

Cisco ASA 5540 Specifications

General IconGeneral
Firewall Throughput650 Mbps
Maximum Firewall Connections400, 000
VPN Throughput225 Mbps
Maximum VPN Peers5, 000
High AvailabilityActive/Active, Active/Standby
IPSec VPN Throughput225 Mbps
Memory1 GB
IPS Throughput225 Mbps
Security Contexts50
Flash Memory64 MB
Form Factor1U
Power SupplyDual
Interfaces4 x 10/100/1000 Ethernet

Related product manuals