08-07-2004 05:34 AM - edited 02-20-2020 11:33 PM
Hi. I've just added a PIX 501 to my network and have noticed that with the default configuration the Firewall is repsonding to external pings/ICMP. The firewall currently has a basic configuration using PAT and connected to a 837 Router. From reading the documents online it was my understanding that ICMP was blocked by default to the external/outside connection. Just in case I had accidentally adjusted any settings I reset back to default, tested again, and the PIX again responded to pings.
Can anyone confirm whether ICMP is supposed to be disabled by default, and what configuration should exist that does this ?
If ICMP is not blocked by default, can anyone suggest which ICMP types should be allowed in from the external connection e.g. echo-reply, time-exceeded, unreachable etc
Cisco PIX Firewall Version 6.3(3)
Cisco PIX Device Manager Version 3.0(1)
Thanks for any help,
Stuart.
08-07-2004 11:21 AM
Hi,
Do you mean that from inside, if you ping any outside address, you are getting a reply? or do you mean if you ping the outside interface address from outside you are getting a reply?
Thanks
Nadeem
08-09-2004 02:08 PM
Hi Nadeem. If I ping my external/outside address from an external/outside network I get a reply.
Thanks,
Stuart.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide