Solved: PIX Outside Interface Ping Reply?

jrossouw · ‎03-18-2007

I'm fairly new to PIX and recently configured a new 506e running 6.3(5). Something I noticed straight after bringing the outside interface up was that I could ping the outside IP address from the internet (from different ISP). Is it suppose to be this way? I thought a PIX would block this by default? If this is correct, how do I block replies from this interface?

Jon Marshall · ‎03-18-2007

Hi

If you want to block icmp to your outside pix interface from config mode on the pix

"no icmp permit any outside"

You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not.

HTH

Jon

View solution in original post

Jon Marshall · ‎03-18-2007

Hi

If you want to block icmp to your outside pix interface from config mode on the pix

"no icmp permit any outside"

You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not.

HTH

Jon

jrossouw · ‎03-18-2007

Hi Jon. Thanks! That certainly helped. The answer is slightly different though. It should be "icmp deny any outside". That's all I needed.

Johan

Jon Marshall · ‎03-18-2007

Johan

Sorry about that, i slipped into IOS mode there :-)

Many thanks for the rating

Jon