×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ping FWSM own interface

Unanswered Question
Jun 17th, 2003
User Badges:


Hi all,


Is it possible to ping the far side of the FWSM ?

i mean is it possible to ping from outside the inside interface of the FWSM

or from the inside ping the outside interface of FWSM.


From http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml


I read :


Pings to PIX's Own Interfaces


In PIX Software versions 4.1(6) until 5.2.1, ICMP traffic to the PIX's own interface is permitted; the PIX cannot be configured to not respond. You will not be able to ping interfaces on the "far side" of the PIX in any version. In our network diagram, you will be able to ping 10.1.1.1 from 10.1.1.5 or 200.1.1.1 from the outside, but you will not be able to ping 200.1.1.1 from 10.1.1.5, nor will you be able to ping 10.1.1.1, from the outside. Beginning in PIX Software version 5.2.1, ICMP is still permitted by default, but PIX ping responses from its own interfaces can be disabled with the icmp command (that is, a "stealth PIX").


Does it also apply to FWSM ?


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sghosh Tue, 06/17/2003 - 09:36
User Badges:

Hi,


You will not be able to ping the inside interface from outside.

But you will be able to ping the outside interface from outside and inside interface from inside, if you enable the following commands in FWSM.


icmp permit any inside

icmp permit any outside



Thanks

Sujit





Actions

This Discussion