TCC_2

Core issue

Resolution

Inbound Internet Control Message Protocol (ICMP) through the PIX is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default.

To block ICMP traffic through the PIX, create access list (ACL) entries that deny it. These are some examples:

  • To deny ICMP through the PIX:
    access-list 101 line 1 deny icmp any any
    access-list 101 line 2 permit ip any any
    access-group 101 in interface inside

    Note: These ACL statements deny all ICMP traffic through the PIX and allow all other traffic. If the ACL contained only the deny ICMP line, all traffic would be denied, because every ACL ends with an implicit deny.

  • To deny ICMP to the PIX:
    icmp deny 0 0 inside
    icmp deny 0 0 outside

    For details and other configuration examples, refer to Handling ICMP Pings with the PIX Firewall.
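
The note under the first example depends on first-match evaluation and the implicit deny that ends every ACL. The Python sketch below is an added illustration, not Cisco code and not part of the original article; it parses only the `any any` entry form shown above, and the deny-only variant is constructed for comparison.

```python
# Added illustration (not Cisco code): first-match ACL evaluation plus the
# implicit deny that ends every access list. Handles only the form
#   access-list <id> [line <n>] permit|deny <protocol> any any

PAGE_ACL = """
access-list 101 line 1 deny icmp any any
access-list 101 line 2 permit ip any any
"""
# Constructed variant: the same ACL without the trailing permit.
DENY_ONLY = "access-list 101 line 1 deny icmp any any"


def parse_acl(config):
    """Return {acl_id: [(line_no, action, protocol), ...]} in line order."""
    acls = {}
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        acl_id, rest = tok[1], tok[2:]
        entries = acls.setdefault(acl_id, [])
        line_no = len(entries) + 1          # default: append at the end
        if rest[0] == "line":
            line_no, rest = int(rest[1]), rest[2:]
        action, proto, src, dst = rest[:4]
        if action not in ("permit", "deny") or (src, dst) != ("any", "any"):
            raise ValueError("unsupported entry: " + raw.strip())
        entries.append((line_no, action, proto))
    return {k: sorted(v) for k, v in acls.items()}


def evaluate(entries, protocol):
    """First matching entry wins; 'ip' matches every IP protocol."""
    for line_no, action, proto in entries:
        if proto in ("ip", protocol):
            return action, line_no
    return "deny", None                     # implicit deny, no line matched


def verdicts(config, acl_id="101"):
    entries = parse_acl(config)[acl_id]
    return {p: evaluate(entries, p) for p in ("icmp", "tcp", "udp")}


if __name__ == "__main__":
    for name, cfg in (("page ACL", PAGE_ACL), ("deny-only", DENY_ONLY)):
        print(name, verdicts(cfg))
```

A verdict of `("deny", None)` means no configured line matched and the implicit deny applied, which is the case the note describes.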

Problem Type

How to (General Information)

Troubleshoot software feature

Product Family

Firewall - PIX 500 series

PIX Software Version

PIX version 5.x

PIX version 6.x

PIX version 7.x

Protocol / Ports

Internet Control Message Protocol (ICMP)

Can You Ping...

Client can ping by name and IP