Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
2
Replies

PIX 506 Protocol ICMP Enable

ashokrr
Level 1
Level 1

‎08-05-2004 04:04 AM - edited ‎02-20-2020 11:32 PM

HI,

I have Cisco PIX firewall 506 in which by deafult ICMP is disable. I want to enable it for both inbound and outbound.

How to do this ? I tried with access-list permit ICMP any any nut not working...

Thank You

Vinod

0 Helpful
2 Replies 2

paddyxdoyle
Level 6
Level 6

‎08-05-2004 04:31 AM

Hi,

Are you trying to ping devices that are routed through your firewall?

By default if you don't have access-lists applied to your inside interface then you should be able to ping devices on lower security levels.

If you are trying to ping from an outside host to an inside host then you need an access-list

"access-list outside_in permit icmp any any"

followed by

"access-group outside_in interface outside"

If you are trying to ping your outside interface from an outside host then you need

"icmp permit any outside".

By default you can only ping an interface on a PIX if your host resides on that interface or on a connected subnet.

i.e. you can ping the outside interface from an outside host, but you can't ping the inside interface from an outside host.

Rgds

Paddy

0 Helpful

Terry Pattinson
Level 1
Level 1
In response to paddyxdoyle

‎08-06-2004 06:16 AM

Keep in mind that ICMP fixup is relatively new. In order to ping inside to out, you need to allow icmp echo reply on the return path if ICMP fixup is not enabled or supported.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card