PIX Minimum ICMP, please read my question

Discussion in 'Cisco' started by fnu-10a4, Nov 23, 2004.

  1. fnu-10a4

    fnu-10a4 Guest

    Hello,

    I am doing the following setup for 3 Pix 515.

    The inside networks get NATed to the external interface of the
    firewall which has an Internet IP.

    I need to:

    .. Make sure the inside users can ping the outside world,
    .. Make sure the external IP of the firewall can not be pinged.

    How to do this?

    At the moment, I use an access-list 10 on the external interface
    allowing icmp any any ..... but it is bad!

    Many thanks,

    Alain
     
    fnu-10a4, Nov 23, 2004
    #1

  2. :I am doing the following setup for 3 Pix 515.

    :. Make sure the external IP of the firewall can not be pinged.

    :How to do this?

    :At the moment, I use an access-list 10 on the external interface
    :allowing icmp any any ..... but it is bad!

    access-lists applied to the outside interface have no effect
    on traffic *to* the PIX, only on traffic *through* the PIX. To
    prevent the outside IP of the PIX from being pinged, use the
    PIX 'icmp' command.

    Note: to allow inside users to ping outside entities, you will
    probably find that you need to set your outside access list to
    permit icmp any any echo-reply
     
    Walter Roberson, Nov 23, 2004
    #2
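
The configuration described in the reply above, written out as an added example that is not part of either post. It assumes the external interface is named `outside` and that access-list 10 is bound to it with `access-group`; lines beginning with `:` are comments.

```cisco
: --- Before (the rule from the question) ---
: Every ICMP type from any source is allowed in through the PIX,
: and the rule does nothing about pings aimed at the PIX itself.
:   access-list 10 permit icmp any any

: --- After ---
: Through traffic: let in only the replies to pings sent by inside users.
no access-list 10 permit icmp any any
access-list 10 permit icmp any any echo-reply
access-group 10 in interface outside

: Traffic to the PIX: the 'icmp' command, not the ACL, decides what the
: outside interface answers. Refuse echo requests to the outside IP.
icmp deny any echo outside

: An icmp list on an interface ends in an implicit deny, so ICMP
: unreachable is permitted explicitly to keep path MTU discovery working.
icmp permit any unreachable outside
```

To check the result, ping an outside host from an inside machine (it should answer) and ping the firewall's outside IP from an outside host (it should time out).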