I am a bit new, so forgive any Cisco speak I don't speak. So I am adding a second ISP to my existing PIX firewall. I have read, and think I understand how to set it up, but I am having an issue confirming ping to my primary ISP gateway. I am about to set up IP SLA to monitor the outside next hop, but I wanted to confirm ping. From telnet I cannot ping the router IP (ISP gateway); if I apply an access rule to the outside interface to allow ping, no good. However, I can ping from a machine on the inside network (have access rule for this as well). If I disable the outside rule, ping is blocked. I am confused about how I can check that the firewall can ping the gateway, or am I missing a configuration? I assumed that I would simply exit the outside interface when sending a ping from a telnet session. PIX8.02 on a 525. Any guidance is appreciated.
Access-lists only control ping going through the firewall and not to the firewall itself.
To allow ping to an interface on the PIX you need to use the "icmp permit .." command -