You have not mentioned any issues though.  So I will guess you are somehow
unhappy with the default Pix behavior.  Did you want to deny all icmp
requests?  By default, after a certain rev of Pix code, icmp allows
are on by default.

icmp deny any outside
icmp deny any inside

Once you place these rules, it will have a 'default deny' afterwards, so if
you do

icmp permit host 1.2.3.4 inside

then... all hosts on the inside except for 1.2.3.4 can ping it.

As for allowing people to ping "through" the pix, not sure if a static or
anything like that would work (along with an acl).  Doesn't seem to make
much sense to allow an outsider to ping the inside of a pix anyway.

Typically, the theory behind the pix (at least in its latest incarnation)
is that acls generally only apply to traffic traversing THROUGH the pix, not
terminating at the pix or any of its interfaces.

For that, you need to find the magic "fudge" command, and in this case, the
"icmp" commands are the fudge that determine if icmp will be permitted on
the pix's inside or outside addresses.

This is all well documented under this URL, assuming code rev 6.2 (you can
just go up a tree to find the other revs)

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/bafwcfg.htm

> I have a PIX 525. I am trying bring it up on my network.  It is installed
> virtually between my router and my ISP's router.  While testing, I noticed
> that from an inside host, I could ping my inside interface on the PIX, but
> not the outside interface.  From the ISP, they could ping my outside
> interface but not my inside interface.  From the PIX I can ping my outside
> interface and beyond.
> Any suggestions?
>  
> Naomi James
> Computer Services and Information Technology
> Savannah State University
> 912-356-2509


-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55556&t=55547
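
Added example (not part of the original message, and not Cisco code): a small Python model of how the per-interface "icmp" list discussed above is evaluated for ICMP addressed to the PIX itself. It assumes first-match evaluation, an implicit deny once an interface has any entry, and permit when the interface has no entries; the function names and the 10.0.0.5 host are constructed for illustration.

```python
import ipaddress

def parse_rule(line):
    """Parse 'icmp permit|deny any|host A.B.C.D <if_name>' (only the forms in the post)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    if tok[2] == "any" and len(tok) == 4:
        net = ipaddress.ip_network("0.0.0.0/0")
    elif tok[2] == "host" and len(tok) == 5:
        net = ipaddress.ip_network(tok[3] + "/32")
    else:
        raise ValueError(f"unsupported rule: {line!r}")
    return tok[1], net, tok[-1]

def icmp_to_interface_allowed(rules, src, if_name):
    """Model: may `src` send ICMP to the firewall's own `if_name` address?"""
    entries = [e for e in map(parse_rule, rules) if e[2] == if_name]
    if not entries:
        return True                    # assumption: no icmp list means permit
    addr = ipaddress.ip_address(src)
    for action, net, _ in entries:     # entries are checked in configured order
        if addr in net:
            return action == "permit"  # first match decides
    return False                       # implicit deny after the last entry

# Constructed rule sets built from the commands quoted in the message.
PERMIT_ONLY = ["icmp permit host 1.2.3.4 inside"]
DENY_FIRST = ["icmp deny any inside", "icmp permit host 1.2.3.4 inside"]

if __name__ == "__main__":
    for name, rules in (("permit only", PERMIT_ONLY), ("deny first", DENY_FIRST)):
        for src in ("1.2.3.4", "10.0.0.5"):
            verdict = icmp_to_interface_allowed(rules, src, "inside")
            print(f"{name:12} {src:10} -> {'permit' if verdict else 'deny'}")
```

Under this model the order of entries matters: a permit placed after "icmp deny any inside" is never reached, so the deny entry has to be removed or the permit entered first.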