You can use the "icmp permit" to allow the icmp through. As well cisco recommends you allow unreachable through for SIP.
By default all PIX interfaces will respond to icmp echo-reply. You must deny this with the "icmp deny" command. As well you can you a acl to apply to the icmp permit match acl command, to make the icmp echo-request more granular. Conduits are the old way of blasting a hole in the pix. Cisco recommends the trend of acl and icmp permit statement to mitigate attacks. Cheers, Jamie -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lynne Padgett Sent: July 17, 2003 7:09 PM To: [EMAIL PROTECTED] Subject: RE: Access list or Conduit? [7:72514] I agree. If I recall correctly, this change was implemented in the later versions of 5.x and conduits aren't used at all in the 6.x versions. Cisco did this to make the firewall code more IOS like. -----Original Message----- From: Wilmes, Rusty Sent: Thu Jul 17 20:37:15 2003 To: [EMAIL PROTECTED] Subject: RE: Access list or Conduit? [7:72514] my understanding is conduits are the same as access lists but are being phased out and replaced by access lists so that syntax is more uniform across platforms. -----Original Message----- From: E. Keith J. [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 2:12 PM To: [EMAIL PROTECTED] Subject: Access list or Conduit? [7:72514] Hi all The boss wants to allow ping. In the website I found the way by using an access list. In another config I see a conduit is used. What is the difference between using a conduit and an access list to allow ping Is it that a conduit is to a specific host Rather than permit any? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72552&t=72514 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
