PIX Minimum ICMP, please read my question

 
 
fnu-10a4
11-23-2004
Hello,

I am doing the following setup for 3 Pix 515.

The inside networks get NATed to the external interface of the
firewall which has an Internet IP.

I need to:

.. Make sure the inside users can ping the outside world,
.. Make sure the external IP of the firewall can not be pinged.

How to do this?

At the moment, I use an access-list 10 on the external interface
allowing icmp any any ..... but it is bad!

Many thanks,

Alain
 
Walter Roberson
11-23-2004
In article <(E-Mail Removed)> ,
fnu-10a4 <(E-Mail Removed)> wrote:
:I am doing the following setup for 3 Pix 515.

:. Make sure the external IP of the firewall can not be pinged.

:How to do this?

:At the moment, I use an access-list 10 on the external interface
:allowing icmp any any ..... but it is bad!

access-lists applied to the outside interface have no effect
on traffic *to* the PIX, only on traffic *through* the PIX. To
prevent the outside IP of the PIX from being pinged, use the
PIX 'icmp' command.

Note: to allow inside users to ping outside entities, you will
probably find that you need to set your outside access list to
permit icmp any any echo-reply
--
Most Windows users will run any old attachment you send them, so if
you want to implicate someone you can just send them a Trojan
-- Adam Langley
 
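The two points in the reply above, turned into a config check; this is an added example, not code from the thread or from Cisco. The sample configs are constructed, only `any` sources are modelled, and the check assumes PIX 6.x `icmp` semantics: first match wins, an interface with no `icmp` rules answers pings, and an unmatched type is dropped once any rule exists.

```python
import re

# Constructed PIX 6.x-style fragments (sample data, not taken from the thread).
WEAK = """
access-list 10 permit icmp any any
access-group 10 in interface outside
"""
HARDENED = """
access-list 10 permit icmp any any echo-reply
access-group 10 in interface outside
icmp deny any echo outside
"""

def audit_icmp(config, ifname="outside"):
    """Return findings about ICMP through and to interface `ifname`."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # ACLs bound inbound on the interface filter traffic *through* the PIX.
    bound = set()
    for ln in lines:
        m = re.fullmatch(r"access-group (\S+) in interface (\S+)", ln)
        if m and m.group(2) == ifname:
            bound.add(m.group(1))
    for ln in lines:
        m = re.fullmatch(r"access-list (\S+) permit icmp any any", ln)
        if m and m.group(1) in bound:
            findings.append(f"acl {m.group(1)}: permits every ICMP type inbound")
    # 'icmp' rules filter traffic *to* the interface itself; first match wins.
    # Assumption: no rules for the interface means echo is answered, and once
    # any rule exists an unmatched ICMP type is dropped.
    verdict, seen = "permit", False
    for ln in lines:
        m = re.fullmatch(r"icmp (permit|deny) any(?: (\S+))? (\S+)", ln)
        if m and m.group(3) == ifname:
            seen = True
            if m.group(2) in (None, "echo"):
                verdict = m.group(1)
                break
    else:
        if seen:
            verdict = "deny"
    if verdict == "permit":
        findings.append(f"{ifname}: interface address answers echo requests")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_icmp(cfg))
```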
 
 
 