It should work with conduit permit icmp any any 0
That would allow the ping to return home, but should not allow ping requests from outside unless you have another "hole" somewhere else. Hth, Ole ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.RouterChief.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Need a Job? http://www.OleDrews.com/job ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: x [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 6:46 AM To: [EMAIL PROTECTED] Subject: PIX 5.3 and icmp [7:41941] I want my internal users to be able to ping out, but I don't want anyone from the internet to ping my network or get any response at all. The best I have gotten to work so far is... conduit permit icmp any any echo-reply This lets machines on the internet ping us and we can ping outside. There are some icmp commands, but I wasn't able to get the desired result. Any ideas? __________________________________________________ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41943&t=41941 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]