Unwanted Ping response from Pix

Discussion in 'Cisco' started by Fred, Oct 26, 2004.

  1. Fred

    Fred Guest

    I have a Cisco Pix 501 (v 6.3)set up in a full meshed VPN network. (3 total
    nodes)
    The Pixes themselves respond to pings from the internet (non-vpn). How can i
    stop
    this? I want them to be "invisible" to the world.. there is no ICMP enabled
    (via conduits)
    or access-lists other than the VPN IP permit lists
    any help appreciated
    Fred, Oct 26, 2004
    #1
    1. Advertising

  2. In article <417eb365$1_3@127.0.0.1>, Fred <> wrote:
    :I have a Cisco Pix 501 (v 6.3)set up in a full meshed VPN network. (3 total
    :nodes)
    :The Pixes themselves respond to pings from the internet (non-vpn). How can i
    :stop
    :this?

    Configure icmp deny any echo outside


    :I want them to be "invisible" to the world..

    You would be breaking IP standards if you make them "invisible".
    You should be allowing for path MTU discovery, which could require
    that the PIX send back an icmp message in some circumstances.

    :there is no ICMP enabled
    :(via conduits)
    :eek:r access-lists other than the VPN IP permit lists

    Access lists and conduits only affect traffic that would pass
    through the pix, not how the PIX itself responds to icmp traffic
    that is directed to the PIX. The control over how PIX responds to
    icmp is through the 'icmp' command. The default if no 'icmp' command
    is in place is to allow all icmp.

    --
    So you found your solution
    What will be your last contribution?
    -- Supertramp (Fool's Overture)
    Walter Roberson, Oct 26, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    3
    Views:
    853
    Barry Margolin
    Sep 17, 2005
  2. T-Bone
    Replies:
    9
    Views:
    470
    Ben Smith
    Jun 30, 2005
  3. Replies:
    6
    Views:
    9,229
    Vincent C Jones
    Jan 24, 2006
  4. aditya
    Replies:
    2
    Views:
    1,008
    aditya
    Sep 4, 2006
  5. Darren Green

    ISDN Up But No Ping Response

    Darren Green, Apr 10, 2008, in forum: Cisco
    Replies:
    12
    Views:
    813
Loading...

Share This Page