ICMP and PIX Firewalls

Dec 23rd, 2008

Fundamental issue here - must be me - I have a laptop plugged into the inside interface of my PIX firewall (PIX 501). I have set up an ACL to deny ICMP echo and ICMP echo-reply FROM the laptop address TO the IP address of the inside interface. I have applied the ACL to the inside interface via an access-group command ("in"). And I can still ping the inside interface of the firewall from the laptop. Debug icmp trace shows no hits. What am I doing wrong? Surely you can deny ICMP in this way?

Jon Marshall Tue, 12/23/2008 - 06:35


ACLs control traffic through the PIX, not to PIX interfaces. Try

pix(config)# icmp deny any inside
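
An added illustration, not part of the original thread or written by either poster: the through-the-box ACL from the question next to a to-the-box `icmp` list scoped to a single host, in PIX 6.x syntax. The addresses (laptop 192.168.1.10, inside interface 192.168.1.1) and the ACL name `acl_inside` are constructed assumptions, and lines starting with `!` are annotations for the reader, not commands.

```cisco
! Constructed values: laptop = 192.168.1.10, PIX inside interface = 192.168.1.1,
! ACL name acl_inside (hypothetical).

! What the question describes: an interface ACL. It filters traffic passing
! THROUGH the PIX, so pings addressed to the inside interface itself are
! never evaluated against it.
access-list acl_inside deny icmp host 192.168.1.10 host 192.168.1.1 echo
access-list acl_inside deny icmp host 192.168.1.10 host 192.168.1.1 echo-reply
! Assumed final entry so that other inside traffic is still allowed out.
access-list acl_inside permit ip any any
access-group acl_inside in interface inside

! Traffic addressed TO a PIX interface is controlled by the icmp command.
! Entries are matched in order, and once any icmp entry exists for an
! interface, ICMP that matches no entry is dropped, hence the explicit permit.
icmp deny host 192.168.1.10 echo inside
icmp permit any inside
```

The pair of `icmp` lines blocks only the laptop's echo requests to the inside interface; the `icmp deny any inside` form given in the reply blocks all ICMP to that interface from every host.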


