What is on your internal interface access-list wise ? Do you have an access-list 101 permit icmp any any echo ?
You must permit the ICMP echo through the inside, and the echo-reply through the outside... Thanks Larry -----Original Message----- From: Elijah Savage III [mailto:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 7:33 PM To: [EMAIL PROTECTED] Subject: Internal Users ping through a PIX [7:52962] Ok guys I am on my last leg with this one I seen a ton of examples but can't seem to get it working what am I doing wrong here. All I want is my internal users to be able to ping through the firewall to the net, but external users not be able to ping. Here is the last example I used that does not work. http://www.cisco.com/warp/public/110/single-net.shtml !--- Create an access-list to allow pings out and the return packets back in. access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable !--- Apply access-list 100 to the outside interface. access-group 100 in interface outside pixfirewall# sh version Cisco PIX Firewall Version 6.1(3) I appreciate your help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52966&t=52962 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
