
LAN to outside pinging ..

tauseef
Level 1

Hi,

I have a quick question .....

Using the PIX I can enable all the computers on the LAN to do a NAT and browse the internet. If I give the command no icmp any any .... all the ping packets from and to the firewall are blocked.

Can I see to it that a few of my clients are able to ping outside (i.e. to any public IP) and the remaining do not have the ability to ping outside? I would like to know if this can be configured on the firewall, with no configuration changes to be made at the client side. There is an option wherein I can delete Ping.exe from the client machines which I do not want to ping outside ... but I do not want to make any changes on the client side. Any inputs please.....

Thanks!

Tauseef

tauseef@cadgulf.com

1 Reply

thompson
Level 1

You can enable pinging on an individual basis,

i.e.

access-list (interface_name) permit icmp host (clientaddress) any

If it's just ping you can nail it down with

access-list (interface_name) permit icmp host (clientaddress) any echo-reply

access-list (interface_name) permit icmp host (clientaddress) any time-exceeded

access-list (interface_name) permit icmp host (clientaddress) any unreachable

It would be too easy to copy ping back onto their PCs. Doing it with the firewall will save a lot of time and hassle.
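
The per-client approach from this thread, written out as an added example (not part of the original reply and not Cisco's own sample): a PIX 6.x-style configuration that lets one inside client ping out while every other inside host cannot, with nothing changed on the clients. The ACL names `inside_out` and `outside_in` and the address 192.168.1.10 are assumptions, as is the premise that neither interface already has an ACL bound and that ICMP return traffic is not tracked statefully, so it needs its own permits on the outside interface.

```cisco
: Constructed example. 192.168.1.10 stands for the one client allowed to ping.
: ACL names inside_out / outside_in are hypothetical.

: --- Traffic entering the inside interface (LAN -> outside) ---
: Entries are matched top-down and the first match wins.
: 1. The allowed client may send echo requests to any destination.
access-list inside_out permit icmp host 192.168.1.10 any echo
: 2. All other ICMP from the LAN is dropped.
access-list inside_out deny icmp any any
: 3. Everything else (web browsing, etc.) keeps working. Without this line
:    the implicit deny at the end of the ACL would block all other traffic.
access-list inside_out permit ip any any
access-group inside_out in interface inside

: --- Traffic entering the outside interface (outside -> LAN) ---
: Only the ICMP types that answer a ping or report why it failed.
: Destination is left as "any" because the page does not give the
: translated (global) address; narrow it if you know yours.
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any time-exceeded
access-list outside_in permit icmp any any unreachable
access-group outside_in in interface outside
```

If an interface already has an ACL applied, add these entries to that ACL instead of binding a new one, since each interface takes a single inbound ACL. `show access-list` then shows per-entry hit counts, which confirms that the restricted hosts are landing on the deny line.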