Core issue
Resolution
Inbound Internet Control Message Protocol (ICMP) through the PIX is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default. To block ICMP traffic through the PIX, access list (ACL) entries to deny ICMP traffic through the PIX must be created. These are some examples:
- To deny ICMP through the PIX:
access-list 101 line 1 deny icmp any any
access-list 101 line 2 permit ip any any
access-group 101 in interface inside
Note: These ACL statements deny all ICMP traffic through the PIX and allow all other traffic. If there was only the deny ICMP line, all traffic is be denied.
- To deny ICMP to the PIX:
icmp deny 0 0 inside
icmp deny 0 0 outside
For details and other configuration examples, refer to Handling ICMP Pings with the PIX Firewall.
Problem Type
How to (General Information)
Troubleshoot software feature
Product Family
Firewall - PIX 500 seriesPIX Software Version
PIX version 5.x
PIX version 6.x
PIX version 7.x
Protocol / Ports
Internet Control Message Protocol (ICMP)Can You Ping...
Client can ping by name and IP