You'll never be able to ping an interface of the PIX that is not directly
connected to you (as in your case). Neither access-list nor icmp commands
can enable that 'feature'.


-- Lidiya White

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of dk
Sent: Tuesday, April 09, 2002 10:14 AM
To: [EMAIL PROTECTED]
Subject: Re: PIX problem [7:40928]

Thanks for the input. I have allowed the required icmp access ...

To try and clarify ...

I'm trying to ping the PIX interface E1 (ip address 10.222.62.1) through
PIX interface E0 (ip address 10.222.33.1) from my workstation (ip address
10.222.32.100). I can successfully ping the PIX E0 interface and any
devices on the 10.222.62.0 network going through the PIX E1 interface, but
when I try to ping the PIX E1 interface itself I get no response, no error
is logged, and the conduit hitcount is not incremented.

Is it a feature?






----- Original Message -----
From: "HORVATH TAMAS" 
To: 
Sent: Tuesday, April 09, 2002 4:04 PM
Subject: Re: PIX problem [7:40928]


> Hi!
>
> See http://www.cisco.com/warp/customer/110/31.html
>
>
> According to this document "Inbound ICMP through the PIX is denied by
> default; outbound ICMP is permitted, but the incoming reply is denied by
> default." So you can ping every PIX interface from the PIX and from the
> directly connected LAN, but can't ping through the PIX.
>
> I think you should not ping through the PIX by default, just from the PIX
> (from Telnet console).
>
> According to this document: "In PIX Software versions 4.1(6) until 5.2.1,
> ICMP traffic to the PIX's own interface is permitted; the PIX cannot be
> configured to not respond. Beginning in PIX Software version 5.2.1, ICMP is
> still permitted by default, but PIX ping responses from its own interfaces
> can be disabled with the icmp command (that is, a "stealth PIX")"
>
>
> By, HT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40976&t=40928