"icmp" command on the PIX allows/denies pinging interfaces of the PIX itself. It has nothing to do with pining through the PIX...
-- Lidiya White -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 9:31 AM To: [EMAIL PROTECTED] Subject: RE: Internal Users ping through a PIX [7:52962] You need to use the following global command to enable icmp: icmp permit/deny ....... Here's the link for command reference: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/config/comm ands.htm#xtocid33 Thanks...............Nabil "I have never let my schooling interfere with my education." Lidiya White cc: Sent by: Subject: RE: Internal Users ping through a PIX [7:52962] nobody@groupstudy .com 09/09/2002 11:31 PM Please respond to Lidiya White The access-list is correct. There is something else that is going on. Use "debug icmp trace" to troubleshoot... How do you test this access-list? What are you trying to ping? -- Lidiya White -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Elijah Savage III Sent: Monday, September 09, 2002 7:33 PM To: [EMAIL PROTECTED] Subject: Internal Users ping through a PIX [7:52962] Ok guys I am on my last leg with this one I seen a ton of examples but can't seem to get it working what am I doing wrong here. All I want is my internal users to be able to ping through the firewall to the net, but external users not be able to ping. Here is the last example I used that does not work. http://www.cisco.com/warp/public/110/single-net.shtml !--- Create an access-list to allow pings out and the return packets back in. access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable !--- Apply access-list 100 to the outside interface. access-group 100 in interface outside pixfirewall# sh version Cisco PIX Firewall Version 6.1(3) I appreciate your help. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52993&t=52962 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]