How do I block pings from the outside to the ASA 5505 outside interface?

I was asked to block pings from the internet to the outside interface of our ASA-5505 firewall.  I found a post that said to enter "icmp deny any outside"; however, that does not do it.
I created an ACL to try and do the trick, also to no avail:
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in in interface outside
access-group outside_in in interface outside
Anyone have a clue what I'm doing wrong?  I'm not the firewall guy, as you can tell.  :/
Thanks in advance...
Block / Deny ICMP Echo (Ping) on Cisco ASA Outside Interface
Most networks that you protect with a Cisco ASA device will probably want to deny ICMP (maybe not all ICMP types, but a lot of network admins will want to block ICMP Echo, etc.) on the outside interface. This will make the network harder to find through external enumeration, but not impossible.
ASA5505(config)#icmp deny any outside
You will deny ICMP on the outside interface, but if you include ICMP as a protocol in the default global policy map, you can ping from the inside to any host on the outside, and it will be permitted back through the ASA, as it knows about the previous ICMP "connection".

You are allowing echo-reply, thus it will reply to a ping.
Try this ACL:
icmp deny any echo-reply outside
From: 
https://supportforums.cisco.com/thread/223769
Eric
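
The thread turns on the difference between an interface ACL (applied with access-group, which governs traffic passing through the ASA) and the "icmp" command (which governs ICMP addressed to the ASA's own interface IP). The following Python model is an added example, not code from this thread or from Cisco. It encodes the documented semantics of "icmp {permit | deny} {host ip | ip mask | any} [icmp_type] if_name": rules are evaluated top-down per interface, the first match wins, an interface with no rules accepts all ICMP aimed at it, and once any rule exists unmatched ICMP hits an implicit deny. The interface names, the sample rule lists and the RFC 5737 addresses are constructed for the example; interface ACLs are deliberately not modelled because they do not apply to to-the-box traffic.

```python
"""Model of the Cisco ASA 'icmp' control-plane rule list for ICMP addressed to an interface.

Added example, not code from the forum thread or from Cisco. Semantics modelled:
first match wins per interface; an interface with no 'icmp' rules accepts all ICMP
aimed at it; once any rule exists, unmatched ICMP is denied. Interface ACLs
(access-list / access-group) are ignored on purpose: they govern traffic passing
through the ASA, not traffic addressed to the ASA's own interface IP.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# ICMP type keywords accepted by the 'icmp' command (a bare type number is accepted too)
ICMP_TYPES = {
    "echo-reply": 0, "unreachable": 3, "source-quench": 4, "redirect": 5, "echo": 8,
    "time-exceeded": 11, "parameter-problem": 12, "timestamp-request": 13,
    "timestamp-reply": 14,
}


@dataclass
class IcmpRule:
    action: str                    # "permit" or "deny"
    source: ipaddress.IPv4Network  # 'any' becomes 0.0.0.0/0, 'host X' becomes X/32
    icmp_type: Optional[int]       # None means every ICMP type
    interface: str


def parse_icmp_rule(line: str) -> IcmpRule:
    """Parse one 'icmp permit|deny ...' configuration line into an IcmpRule."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "icmp" or tokens[1] not in ("permit", "deny"):
        raise ValueError(f"not an icmp permit/deny rule: {line!r}")
    action, rest = tokens[1], tokens[2:]
    if rest[0] == "any":
        source, rest = ipaddress.IPv4Network("0.0.0.0/0"), rest[1:]
    elif rest[0] == "host":
        source, rest = ipaddress.IPv4Network(f"{rest[1]}/32"), rest[2:]
    else:  # dotted address followed by dotted mask
        source, rest = ipaddress.IPv4Network(f"{rest[0]}/{rest[1]}", strict=False), rest[2:]
    *type_tokens, interface = rest  # optional icmp type, then the interface name
    if not type_tokens:
        icmp_type = None
    elif len(type_tokens) == 1:
        t = type_tokens[0]
        icmp_type = ICMP_TYPES[t] if t in ICMP_TYPES else int(t)
    else:
        raise ValueError(f"unexpected tokens in icmp rule: {line!r}")
    return IcmpRule(action, source, icmp_type, interface)


def load_icmp_rules(config_text: str) -> List[IcmpRule]:
    """Pull the icmp permit/deny rules out of a running-config, preserving order.

    Other 'icmp ...' lines such as 'icmp unreachable rate-limit 1 burst-size 1'
    are not rules and are skipped.
    """
    rules = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) >= 4 and tokens[0] == "icmp" and tokens[1] in ("permit", "deny"):
            rules.append(parse_icmp_rule(line))
    return rules


def evaluate(rules: List[IcmpRule], src_ip: str, icmp_type: int, interface: str) -> str:
    """Decide 'permit' or 'deny' for one ICMP packet addressed to the given interface."""
    applicable = [r for r in rules if r.interface == interface]
    if not applicable:
        return "permit"  # no rule list on this interface: all ICMP to it is accepted
    addr = ipaddress.IPv4Address(src_ip)
    for rule in applicable:
        if addr in rule.source and rule.icmp_type in (None, icmp_type):
            return rule.action  # first match wins
    return "deny"  # a rule list exists and nothing matched: implicit deny


# Constructed sample mirroring the question: an interface ACL only, no 'icmp' rules.
ACL_ONLY = """\
access-list outside_in extended permit icmp any any echo-reply
access-group outside_in in interface outside
icmp unreachable rate-limit 1 burst-size 1
"""

# Constructed sample of a defender's rule list: one management host may ping the outside
# interface, the replies the ASA's own ping/traceroute depend on are kept, and everything
# else aimed at the interface is dropped. Addresses are RFC 5737 documentation ranges.
HARDENED = """\
icmp permit host 198.51.100.7 echo outside
icmp permit any echo-reply outside
icmp permit any unreachable outside
icmp permit any time-exceeded outside
icmp deny any outside
"""


def outside_answers_ping(config_text: str, probe_src: str = "203.0.113.10") -> bool:
    """True if an Internet host (probe_src) would get an echo reply from the outside interface."""
    rules = load_icmp_rules(config_text)
    return evaluate(rules, probe_src, ICMP_TYPES["echo"], "outside") == "permit"


if __name__ == "__main__":
    samples = (("ACL only", ACL_ONLY), ("icmp deny any outside", "icmp deny any outside\n"),
               ("hardened", HARDENED))
    for name, cfg in samples:
        print(f"{name:22s} outside answers Internet ping: {outside_answers_ping(cfg)}")
    rules = load_icmp_rules(HARDENED)
    print("mgmt host echo     :", evaluate(rules, "198.51.100.7", 8, "outside"))
    print("echo-reply to ASA  :", evaluate(rules, "203.0.113.10", 0, "outside"))
    print("inside (no rules)  :", evaluate(rules, "192.168.1.5", 8, "inside"))
```

Run against the question's ACL-only configuration the model finds no "icmp" rules, so the outside interface still answers pings, which is the behaviour the question reports. Whatever the model says, confirm the result on the appliance itself with "show running-config icmp" and a packet-tracer run such as "packet-tracer input outside icmp 203.0.113.10 8 0 <outside-interface-ip>" (replace the placeholder with the real outside address), since the device is the authority on its own rule list.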

Similar Messages

  • Unable to access/lan2lan ping from VPN Fortigate to Cisco ASA 5505

    Problem : Unable to access user A to user B
    User A --- router A (122, fortigate 80c) --- (Site to Site VPN between fortigate & cisco asa) --- router B (93, cisco Asa 5505{in front asa got cisco800[81] before to internet} )  --- User B
    After using wizard to configure the cisco ASA site to site VPN, the site-to-site tunnel is up.
    Ping is unsuccessful from user A to user B
    Ping is successful from user B to user A; data is accessible
    After done the packet tracer from user A to user B,
    Result :
    Flow-lookup
    Action : allow
    Info: Found no matching flow, creating a new flow
    Route-lookup
    Action : allow
    Info : 192.168.5.203 255.255.255.255 identity
    Access-list
    Action : drop
    Config Implicit Rule
    Result - The packet is dropped
    Input Interface : inside
    Output Interface : NP Identify Ifc
    Info: (acl-drop)flow is denied by configured rule
    Below is Cisco ASA 5505's show running-config
    ASA Version 8.2(1)
    hostname Asite
    domain-name ssms1.com
    enable password ZZZZ encrypted
    passwd WWWW encrypted
    names
    name 82 B-firewall description Singapore office firewall
    name 192.168.1.0 B-inside-subnet description Singapore office internal LAN IP
    name 192.168.200.0 A-inside-VLAN12 description A-inside-VLAN12 (fortinet)
    name 192.168.2.0 fw-inside-subnet description A office internal LAN IP
    name 122 A-forti
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.5.203 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address 93 255.255.255.240
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/7
    ftp mode passive
    dns server-group DefaultDNS
    domain-name ssms1.com
    object-group network obj_any
    network-object 0.0.0.0 0.0.0.0
    access-list inside_nat0_outbound extended permit ip any 80 255.255.255.240
    access-list inside_nat0_outbound extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
    access-list outside_cryptomap extended permit ip fw-inside-subnet 255.255.255.0 B-inside-subnet 255.255.255.0
    access-list Outside_nat-inbound extended permit ip A-inside-VLAN12 255.255.255.0 192.168.5.0 255.255.255.0
    access-list Outside_nat-inbound extended permit ip host A-forti 192.168.5.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.5.0 255.255.255.0 A-inside-VLAN12 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-631.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 101 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 101 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 81 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http B-inside-subnet 255.255.255.0 inside
    http fw-inside-subnet 255.255.255.0 inside
    http 0.0.0.0 255.255.255.255 outside
    http 0.0.0.0 0.0.0.0 outside
    http 192.168.5.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs
    crypto map outside_map 1 set peer A-forti
    crypto map outside_map 1 set transform-set ESP-3DES-SHA
    crypto map outside_map 2 match address outside_cryptomap
    crypto map outside_map 2 set peer B-firewall
    crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 20
    authentication pre-share
    encryption aes-192
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption aes-256
    hash md5
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address 192.168.5.10-192.168.5.20 inside
    dhcpd dns 165 165 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
    username admin password XXX encrypted privilege 15
    tunnel-group 122 type ipsec-l2l
    tunnel-group 122 ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    class-map outside-class
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
      message-length maximum client auto
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect icmp
    policy-map outside-policy
    description ok
    class outside-class
      inspect dns
      inspect esmtp
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect icmp
      inspect icmp error
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect sip
      inspect skinny
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect xdmcp
    service-policy global_policy global
    service-policy outside-policy interface outside
    prompt hostname context
    Cryptochecksum: XXX
    : end
    Kindly need your expertise & help to solve the problem.

    Anyone can help me?

  • How do i block website from my macbook pro

    how do i block website from my macbook pro?

    It's a very old and simple question! There are two ways that you can use to block websites on your MacBook Pro:
    1. Enable the Parental Control on your Macbook Pro, choose the app you don't want your kids to use.
    2. Install the Internet filter software for Mac that can help you block any unwanted websites automatically.

  • HT1918 How can I block others from purchasing iTunes from my iPad or iPhone?

    How can I block others from purchasing iTunes from my iPad or iPhone?

    You can use Settings > General > Restrictions on each device to require your iTunes password to be entered for every download (and you can block in-app purchases), or you can hide the App Store ('Installing Apps' set 'off') and iTunes store apps so that they can't be used.

  • How can I block users from back dating transactions

    1. How can I block users from back dating transactions in SAP B1? It was discovered that in the production dept there is an allowance given to them to keep producing for the previous month in the new month; this, according to line staff, is to enable them to meet their monthly target. After a meeting with the management it was resolved to block that right of backdating entries. How can I correct this?
    2. How can I change the decimal places backward in the general settings of administration of SAP B1? (Initially it was set to 5 under Quantity; now I want to correct it to 3. How do I go about this?)
    Joel

    Joel,
    By forum rule, one question for one thread.  I will answer you the second:  If you are using 2007 version, the option to decrease decimal place is not available.  Check this thread to know more:
    Re: REDUCE NUMBER OF DECIMAL PLACES
    Also note: this forum is just for B1 system administration.  Please post it on the main forum.
    Thanks,
    Gordon

  • How long CSS blocks flow, from source which detected as source DoS?

    My application generates except normal flow, flow which CSS treats as DoS attack. Both flows have the same source.
    I am afraid that, CSS can block proper flow.
    So, I have question: how long CSS blocks flow, from source which detected as source DoS?
    Krzysztof

    I am not very sure of the length of time that it blocks the flow from the source, if it is considered as a source of DoS attack, but the workaround would be to bypass the cache for that particular source, since you are already aware that it might cause a problem. You could use a bypass rule to do so. You can also use the flow timeout feature with the flow port[1|2|3|4|5|6|7|8|9|10] timeout command to configure a flow timeout value for a TCP or UDP port. I am not very sure if this feature would help in your situation; bypass seems to be a better option.

  • How can I block myself from sending email to a certain email address?

    How can I block myself from sending email to a certain email address?  I am in the middle of a relationship ending and I want to RESTRICT myself from being able to send outgoing email to a certain email address. Please advise. I have no will power and I don't want to be engaged in back and forth email drama.  Thanks.

    Might sound kind of silly, but you could go into Contacts, the person in question, edit, and where it says Add Field, put something in like STOP, or DO NOT DO THIS.
    At least that would get your attention, even if it doesn't block you from emailing.
    There just isn't much you can do to block yourself.  If you have a couple close friends, do something like an AA support group...call a friend and have them talk you out of emailing.
    I'm not trying to be smart alecky about this, actually trying to help, but there isn't much to offer.

  • TS3276 How can I block mail from a specific email address?

    How can I block mail from a specific email address?

    Create a Rule
    Mail menu
    You can choose the Delete option from the drop down list or you can move the message to a specific folder.

  • How do i block texts from a number on my iphone?

    How do I block texts from a number on my iPhone? My service provider uses a safety net, but it is not available for iPhone. I tried downloading iBlacklist manager but it wouldn't download. Any help greatly appreciated.

    Firstly, in order to download iBlacklist you are required to jailbreak your iPhone. If you jailbreak your iPhone, under the Terms of Use of this forum it is prohibited to discuss jailbreaking, and you will void any warranty you may have, forfeit any support from this forum, leave your iPhone vulnerable to malware and risk bricking your iPhone should you attempt future software updates or restoring your iPhone. I strongly advise you against going down this route.
    As for blocking SMS, I am not aware it can be done.  Your network carrier may be able to help with blocking numbers; some offer this support, naturally others do not.  Other more techy-minded users on here may be able to offer more accurate advice with regards to SMS blocking.

  • How can I move apps from one computer to the other?

    How can I move apps from one computer to the other?
    (preferably without iCloud)

    Backup your iTunes library to an external drive and onto the other computer
    http://support.apple.com/kb/ht1751

  • How do i copy stickies from one mac to the other

    How do I copy stickies from one Mac to the other?
    Or are they stored in a file I can just copy over? If so, what is the file name path?
    Thanks in advance

    Yes, they are stored in the file /users/username/library/StickiesDatabase. Just copy it over to the corresponding location on the new computer.

  • I have a 120gb Classic that has no space left on it. i am going to buy a larger gb capacity ipod as soon as i get clearer instruction on how to get the old ipod content to the new ipod. How do you get content from one ipod to the other?

    How do you get content from one iPod to the new one? My content is on an external hard drive, not on my PC, and I have run out of space on my 120GB Classic. Can you get old iPod content to the new one? My iTunes has only got shortcuts; the real content is on an external drive. Can this be done? Please help.

    If the content is on an external drive, but your library knows where to find it, then it should all work. Connect your device, make some selections for what to put on it, and sync. If, on the other hand, your current iPod is the only place holding some of your media then see this user tip: Recover your iTunes library from your iPod or iOS device.
    tt2

  • When I use Home sharing, I can see the library I want to copy, but when I highlight the library, the import button does not show up. Also, it will not let me drop and drag. How do I get music from one computer to the other computer?

    When I use Home Sharing, I can see the library I want to copy under Shared, but I can't get it save on the computer under the regular library. I go to edit and "select all" but there is no import button that is in the right hand corner. Also, it will not let me click and drag the music. How do I get it from one computer to the other?

    Since both computers are connected via the network, you could simply copy the ENTIRE iTunes folder from one computer to another via the network.
    If both computers are running Windows, use the Easy File Transfer Utility built into Windows to move iTunes and all other user media/data.

  • I have a new iMac and i created two libraries on iTunes. how do i copy songs from one library to the other?

    I have a new iMac. I created two libraries, one for me, one for my kids. How do I copy songs from one library to the other library?

    Not easy unless you're just content with adding some files to the other as new files but lose playlists for those files, and playcount, and ratings, etc.  If you're okay with that, you can drag the media folder from one library to the other. If you use default settings and want to duplicate the media, just drag it. If you want to add the media but leave it where it is currently located, hold down the option key while dragging to the library window.
    Otherwise:
    PowerTunes - http://www.fatcatsoftware.com/powertunes/ (commercial software)
    syncOtunes - http://homepage.mac.com/oligrob/syncOtunes/syncOtunes.html

  • How do I transfer music from one iPhone to the other without using a laptop and will I be billed?

    How do I transfer music from one iPhone to the other without using a laptop and will I be billed?

    Download Past Purchases
    http://support.apple.com/kb/HT2519
    Or do you mean this...
    Old Phone to New Phone
    http://support.apple.com/kb/HT2109
    Also...
    It should be noted that anything downloaded with a particular Apple ID is tied to that Apple ID and cannot be merged or transferred to a different Apple ID.
