Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1325
Views
0
Helpful
2
Replies

Block ICMP at PIX outside interface

tkpsimon
Level 1
Level 1

‎12-03-2003 01:25 PM

Hi just wonder how can i stop icmp from outside at my PIX outside interface, i try to put acl on my access-group outside, but i can still ping from outside, am i missing something?

access-list acl_out deny icmp any any

access-group acl_out in interface outside

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎12-03-2003 05:09 PM

I presume you're trying to stop pings TO the PIX's outside interface, is that right?

Remember that ACL's only apply to traffic travelling THROUGH the PIX, not TO it specifically. If you want to stop the PIX from answering pings you need to use the "icmp" command.

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1026574 for details.

0 Helpful

minoc
Level 1
Level 1

‎12-16-2003 11:41 AM

You need to use the icmp command under privilige mode:

conf t

icmp deny any outside

Regards,

Carlos Roque

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents