PIX Minimum ICMP, please read my question

Discussion in 'Cisco' started by fnu-10a4, Nov 23, 2004.

  1. fnu-10a4

    fnu-10a4 Guest

    Hello,

    I am doing the following setup for 3 Pix 515.

    The inside networks get nated to the external interface of the
    firewall which has an Internet IP.

    I need to:

    .. Make sure the inside users can ping the outside world,
    .. Make sure the external IP of the firewall can not be pinged.

    How to do this?

    At the moment, I use an accesss-list 10 on the external interface
    allowing icmp any any ..... but it is bad!

    Many thanks,

    Alain
     
    fnu-10a4, Nov 23, 2004
    #1
    1. Advertising

  2. In article <>,
    fnu-10a4 <> wrote:
    :I am doing the following setup for 3 Pix 515.

    :. Make sure the external IP of the firewall can not be pinged.

    :How to do this?

    :At the moment, I use an accesss-list 10 on the external interface
    :allowing icmp any any ..... but it is bad!

    access-lists applied to the outside interface have no effect
    on traffic *to* the PIX, only on traffic *through* the PIX. To
    prevent the outside IP of the PIX from being pinged, use the
    PIX 'icmp' command.

    Note: to allow inside users to ping outside entities, you will
    probably find that you need to set your outside access list to
    permit icmp any any echo-reply
    --
    Most Windows users will run any old attachment you send them, so if
    you want to implicate someone you can just send them a Trojan
    -- Adam Langley
     
    Walter Roberson, Nov 23, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Jenssen

    Basic question: Pix & ICMP echo replies

    Jesper Jenssen, Nov 21, 2003, in forum: Cisco
    Replies:
    3
    Views:
    7,138
    Walter Roberson
    Nov 21, 2003
  2. The Entitty

    Pix ICMP Question

    The Entitty, Nov 26, 2003, in forum: Cisco
    Replies:
    1
    Views:
    1,935
    Walter Roberson
    Nov 27, 2003
  3. Alexandre Durbuy
    Replies:
    2
    Views:
    522
    Gerd EMail
    Jun 8, 2005
  4. Ralph (c)
    Replies:
    1
    Views:
    1,139
    Walter Roberson
    Aug 26, 2005
  5. Scott Townsend
    Replies:
    2
    Views:
    10,238
    Scott Townsend
    May 4, 2006
Loading...

Share This Page