Where in the documentation does it say it is not possible?  I got
documentation that says that by default you can ping to (not ping through)
any PIX interface



"Anh Lam" wrote in message news:[EMAIL PROTECTED]...
> I am pinging the outside interface of the PIX from a subnet that is located
> on the outside interface.  My host is 172.16.1.70 and the outside interface
> of the PIX is 172.16.1.73.  The inside interface of the PIX is 192.168.1.73.
> The pix is running code 6.0(1) with pdm 1.11.
> I don't have any conduit or access-lists on the pix.  The pix is not yet
> configured, I only apply IP address to the inside and outside interfaces.
> From what I understand, one can NOT ping the outside of the PIX but somehow
> I can.  I am hoping someone can help me understand this because this is
> completely opposite of what cisco documentation stated.
>
> Thanks.
>
>
> >From: "Jonathan Hays"
> >Reply-To: "Jonathan Hays"
> >To: [EMAIL PROTECTED]
> >Subject: Re: How can this be possible?  Pinging the outside int [7:26738]
> >Date: Mon, 19 Nov 2001 13:31:46 -0500
> >
> >Anh Lam wrote:
> >
> > > As I've said before, "conduit permit icmp" has been disabled; however, I
> > > can still ping the outside interface which, based on Cisco doc, is NOT
> > > possible.
> >
> >Anh,
> >We need some clarification here.
> >
> >Please state where you are trying to ping from. A subnet on the outside
> >interface? A remote subnet? A subnet on the inside interface?
> >
> >To paraphrase the Cisco documentation,  the command "conduit permit icmp"
> >allows a ping through the firewall, i.e., going from one PIX interface to
> >another. Is this what you are trying to block? If so, then you should
> >verify you don't have another path in parallel.
> >
> >If you are trying to ping the outside interface from an outside host this
> >is a different situation. You need to read that URL more carefully.
> >
> >
> >http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/config.htm#xtocid366534
> >
> >I quote:
> >
> >"Disabling Interface Pinging
> >
> >With pinging disabled, the PIX Firewall cannot be detected on the network.
> >The new icmp command implements this feature.
> >This feature is also referred to as configurable proxy pinging. To disable
> >pinging, first configure an access-list command statement that permits or
> >denies ICMP traffic that terminates at the PIX Firewall unit, and then add
> >the appropriate icmp command statement to your configuration."
> >
> >HTH




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26787&t=26738