Question : How to restrict subnet to ping the ASA interface
Is there any way to restrict the several subnets that are allowed to ping the ASA interface? I have put in the following configuration, but it doesn't seem to work. Any ideas? Thanks.
access-list inside extended permit ip any any
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo outside
icmp permit x.y.x.0 255.255.255.0 outside (subnet that is allowed to ping the ASA)
global (outside) 1 interface
nat (inside) 0 access-list No-Nat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside in interface inside
access-group outside in interface outside
Answer : How to restrict subnet to ping the ASA interface
I believe the problem is that you have a "deny" as the first command and then the permit. I believe you will need to reverse the order of these two commands. Try this:
no icmp deny any echo outside
If you apply an explicit "icmp permit" command, then there will be an implicit "deny" for all other traffic.
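An added example, not part of the original answer and not Cisco code: a small Python model of how the ASA evaluates `icmp` rules for traffic addressed to its own interface (in order, first match wins, implicit deny once any rule exists), run on the posted rules and on the rules left after the suggested `no` command. 192.0.2.0/24 is a constructed stand-in for the elided x.y.x.0 subnet, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: 192.0.2.0/24 stands in for the page's elided x.y.x.0 subnet.
AS_POSTED = """
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo outside
icmp permit 192.0.2.0 255.255.255.0 outside
"""
AFTER_FIX = """
icmp unreachable rate-limit 1 burst-size 1
icmp permit 192.0.2.0 255.255.255.0 outside
"""

def parse_icmp_rules(config, interface):
    """Collect `icmp permit|deny <src> [type] <if_name>` lines for one interface, in order."""
    rules = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue  # e.g. "icmp unreachable rate-limit ..." is not an access rule
        if tok[-1] != interface:
            continue
        action, rest = tok[1], tok[2:-1]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # "<address> <mask>" form
            net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        rules.append((action, net, rest[0] if rest else None))  # None = every ICMP type
    return rules

def verdict(rules, src, icmp_type="echo"):
    """First matching rule decides; with no rules at all, ICMP to the interface is allowed."""
    if not rules:
        return "permit"
    addr = ipaddress.ip_address(src)
    for action, net, rule_type in rules:
        if addr in net and rule_type in (None, icmp_type):
            return action
    return "deny"  # implicit deny that follows any configured icmp rule

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("after fix", AFTER_FIX)):
        rules = parse_icmp_rules(cfg, "outside")
        for src in ("192.0.2.10", "198.51.100.7"):
            print(f"{name}: echo from {src} -> {verdict(rules, src)}")
```
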