Hi just wonder how can i stop icmp from outside at my PIX outside interface, i try to put acl on my access-group outside, but i can still ping from outside, am i missing something?
access-list acl_out deny icmp any any
access-group acl_out in interface outside
I presume you're trying to stop pings TO the PIX's outside interface, is that right?
Remember that ACL's only apply to traffic travelling THROUGH the PIX, not TO it specifically. If you want to stop the PIX from answering pings you need to use the "icmp" command.
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#1026574 for details.
You need to use the icmp command under privilige mode:
icmp deny any outside
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: