pinging pix interfaces

enock_moubongo · ‎11-23-2001

Hi,

For some reasons i don't know a client wants absolutely to ping pix interfaces.

I explain, from one interface of the pix he wants to ping through pix to to reach the other interface of the pix,

Or through a network ping the interface of pix not in regard with that network.

Is it possible cause i didn't find any document ?

and where can i find the related document ?

Regards

danrodri · ‎11-23-2001

The icmp command can permit or deny ICMP requests directly to a PIX interface. Check out the command reference here.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/gl.htm#xtocid162635

example usage:

icmp deny any echo-reply outside

Now about pinging an PIX interface from a different network (i.e. thru the PIX). It depends if there is an access list or conduit allow the request and reply.

labinski · ‎11-24-2001

i have the same problem,(i need this feature to ping every interface of the pix from my inside Network management station)every config that was i trying was not working. maybe you can provide a working example configuration or tell me what is wrong in my example.

Thanks

Thomas

PIX Version 6.1(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list allow-all permit ip any any

ip address outside 192.168.20.200 255.255.255.0

ip address inside 192.168.10.200 255.255.255.0

global (outside) 1 interface

nat (inside) 1 192.168.10.0 255.255.255.0 0 0

access-group allow-all in interface outside

access-group allow-all in interface inside

icmp permit any outside

icmp permit any inside

titansae · ‎12-19-2001

Try to use only this command for your needs:

icmp permit any any