I am pinging the outside interface of the PIX from a subnet that is located
on the outside interface.  My host is 172.16.1.70 and the outside interface
of the PIX is 172.16.1.73.  The inside interface of the PIX is 192.168.1.73.
The PIX is running code 6.0(1) with PDM 1.11.
I don't have any conduits or access-lists on the PIX.  The PIX is not yet
configured; I have only applied IP addresses to the inside and outside
interfaces.  From what I understand, one can NOT ping the outside of the PIX,
but somehow I can.  I am hoping someone can help me understand this because
this is completely opposite of what the Cisco documentation stated.

Thanks.


>From: "Jonathan Hays" 
>Reply-To: "Jonathan Hays" 
>To: [EMAIL PROTECTED]
>Subject: Re: How can this be possible?  Pinging the outside int [7:26738]
>Date: Mon, 19 Nov 2001 13:31:46 -0500
>
>Anh Lam wrote:
>
> > As I've said before, "conduit permit icmp" has been disabled; however, I
> > can still ping the outside interface which, based on Cisco doc, is NOT
> > possible.
>
>Anh,
>We need some clarification here.
>
>Please state where you are trying to ping from. A subnet on the outside
>interface? A remote subnet? A subnet on the inside interface?
>
>To paraphrase the Cisco documentation, the command "conduit permit icmp"
>allows a ping through the firewall, i.e., going from one PIX interface to
>another. Is this what you are trying to block? If so, then you should verify
>you don't have another path in parallel.
>
>If you are trying to ping the outside interface from an outside host this is
>a different situation. You need to read that URL more carefully.
>
>http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/config.htm#xtocid366534
>
>I quote:
>
>"Disabling Interface Pinging
>
>With pinging disabled, the PIX Firewall cannot be detected on the network.
>The new icmp command implements this feature.
>This feature is also referred to as configurable proxy pinging. To disable
>pinging, first configure an access-list command statement that permits or
>denies ICMP traffic that terminates at the PIX Firewall unit, and then add
>the appropriate icmp command statement to your configuration."
>
>HTH

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26745&t=26738