03-18-2007 04:14 AM - edited 03-11-2019 02:48 AM
I'm fairly new to PIX and recently configured a new 506e running 6.3(5). Something I noticed straight after bringing the outside interface up was that I could ping the outside IP address from the internet (from different ISP). Is it suppose to be this way? I thought a PIX would block this by default? If this is correct, how do I block replies from this interface?
Solved! Go to Solution.
03-18-2007 08:33 AM
Hi
If you want to block icmp to your outside pix interface from config mode on the pix
"no icmp permit any outside"
You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not.
HTH
Jon
03-18-2007 08:33 AM
Hi
If you want to block icmp to your outside pix interface from config mode on the pix
"no icmp permit any outside"
You can be more granular than this and allow certain addresses to ping your outside interface rather than deny all addresses as the above command does. I don't know whether you need this or not.
HTH
Jon
03-18-2007 08:44 AM
Hi Jon. Thanks! That certainly helped. The answer is slightly different though. It should be "icmp deny any outside". That's all I needed.
Johan
03-18-2007 10:09 AM
Johan
Sorry about that, i slipped into IOS mode there :-)
Many thanks for the rating
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide