Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
5
Helpful
2
Replies

Does need to block the outside interface?

morganstanleylau
Level 1
Level 1

‎01-26-2005 08:23 PM - edited ‎03-09-2019 10:08 AM

Hi all,

Does it need to set ACL to block the outside interface , because i want to outside interface not allow people to ping and so on ...... , pls advise

Stanley

Labels:
0 Helpful
2 Replies 2

aashish.c
Level 4
Level 4

‎01-26-2005 10:53 PM

Hi Stanley,

On PIX, by default users on outside interface are not able to ping or access the inside network. They will not even get any response if they try to ping their outside interface, because ICMP are by default blocked on all the interfaces of PIX.

To allow the outside users to ping outside users, put this ACL :

access-list acl_out permit icmp any Ip_addr_out_intf.

access-group acl_out in interface outside

If you want to ping internal users, then :

access-list acl_out permit icmp any any

access-group acl_out in interface outside

kindly update for further queries :

regards

aashish C

morganstanleylau
Level 1
Level 1
In response to aashish.c

‎01-27-2005 06:48 AM

Hi aashish C ,

Thanks you for your information

Becuase i dont want outside interface give any poeple ping or access any port in my PIX

All my best

Stanley

0 Helpful
Customers Also Viewed These Support Documents