I'm fairly new to PIX and recently configured a new 506e running 6.3(5). Something I noticed straight after bringing the outside interface up was that I could ping the outside IP address from the internet (from different ISP). Is it suppose to be this way? I thought a PIX would block this by default? If this is correct, how do I block replies from this interface?
If you want to block icmp to your outside pix interface from config mode on the pix
"no icmp permit any outside"
You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not.