JamesLuther Tue, 02/17/2009 - 04:57
User Badges:
  • Silver, 250 points or more

Hello,


On PIX ICMP isn't stateful so you need to add a rule for the reply traffic liek so


access-list 101 extended permit icmp any any echo-reply


You can also tie down the "any any" to the subnets in question (remembering this is the reply traffic!!!)



Thanks

ciscosrini369 Wed, 02/18/2009 - 01:52
User Badges:

hi,

By default from high security level to lower security level icmp will be blocked, u need to apply acl for the same.


Actions

This Discussion