https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679627#M1022943 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>If you want to block icmp to your outside pix interface from config mode on the pix </P><P></P><P>"no icmp permit any outside"</P><P></P><P>You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not. </P><P></P><P>HTH </P><P></P><P>Jon </P><P></P></BODY></HTML> Sun, 18 Mar 2007 15:33:22 GMT Jon Marshall 2007-03-18T15:33:22Z https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679626#M1022939 <P>I'm fairly new to PIX and recently configured a new 506e running 6.3(5). Something I noticed straight after bringing the outside interface up was that I could ping the outside IP address from the internet (from different ISP). Is it suppose to be this way? I thought a PIX would block this by default? If this is correct, how do I block replies from this interface?</P> Mon, 11 Mar 2019 09:48:08 GMT https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679626#M1022939 jrossouw 2019-03-11T09:48:08Z https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679627#M1022943 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>If you want to block icmp to your outside pix interface from config mode on the pix </P><P></P><P>"no icmp permit any outside"</P><P></P><P>You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not. </P><P></P><P>HTH </P><P></P><P>Jon </P><P></P></BODY></HTML> Sun, 18 Mar 2007 15:33:22 GMT https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679627#M1022943 Jon Marshall 2007-03-18T15:33:22Z https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679628#M1022945 <HTML><HEAD></HEAD><BODY><P>Hi Jon. Thanks! That certainly helped. The answer is slightly different though. It should be "icmp deny any outside". That's all I needed. </P><P></P><P>Johan</P></BODY></HTML> Sun, 18 Mar 2007 15:44:59 GMT https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679628#M1022945 jrossouw 2007-03-18T15:44:59Z https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679629#M1022947 <HTML><HEAD></HEAD><BODY><P>Johan </P><P></P><P>Sorry about that, i slipped into IOS mode there <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Many thanks for the rating </P><P></P><P>Jon </P></BODY></HTML> Sun, 18 Mar 2007 17:09:13 GMT https://community.cisco.com/t5/network-security/pix-outside-interface-ping-reply/m-p/679629#M1022947 Jon Marshall 2007-03-18T17:09:13Z