01-08-2008 03:40 PM - edited 03-11-2019 04:45 AM
icmp deny any outside
icmp permit any inside
icmp permit any dmz
The above statements are configured on my PIX
is there anything else I need to enable Ping from my PC to a web server on the DMZ?
01-08-2008 07:51 PM
The "icmp" commands only affect traffic TO the PIX itself, not THROUGH it. By default the PIX will only open holes for return traffic for TCP/UDP based traffic, not ICMP. To get it to allow your return ICMP packets back in you have to turn on ICMP inspection. Use the:
inspect icmp
inspect icmp error
under your global service-policy.
01-09-2008 10:05 AM
Thanks for your help, I'll give it a try.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: