this should not be a challange...
i want to deny icmp to the outside interface:
access-list acl_outside; 4 elements access-list acl_outside line 1 extended permit tcp any host 1.2.3.4 eq ftp (hitcnt=3531) access-list acl_outside line 2 extended permit tcp any host 1.2.3.4 eq www (hitcnt=36336) access-list acl_outside line 3 extended permit tcp any host 1.2.3.4 eq 81 (hitcnt=2130) access-list acl_outside line 4 extended deny icmp any interface outside (hitcnt=0)
my ping to the outside interface is still being answered... what's going on?
PS: I would like to allow ping to inside host, and would add:
access-list acl_outside extended permit icmp any host 1.2.3.4
correct?