
ICMP and PIX Firewalls

peter-net
Level 1

Fundamental issue here - must be me - I have a laptop plugged into the inside interface of my PIX firewall (PIX 501). I have set up an ACL to deny ICMP echo and ICMP echo-reply FROM the laptop address TO the IP address of the inside interface. I have applied the ACL to the inside interface via an access-group command ("in"). And I can still ping the inside interface of the firewall from the laptop. Debug icmp trace shows no hits. What am I doing wrong? Surely you can deny ICMP in this way?

2 Replies

Jon Marshall
Hall of Fame

Peter

ACLs control traffic through the PIX, not to PIX interfaces. Try

pix(config)# icmp deny any inside

Jon

Cheers Jon - that makes sense to me
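
An added example, not part of the thread: the two controls discussed above side by side in PIX 6.x syntax, with a narrower variant of the suggested `icmp` command that blocks only the laptop's echo requests. The addresses (laptop 192.168.1.10, inside interface 192.168.1.1) and the ACL name `inside_in` are constructed for illustration.

```text
: Constructed addresses: laptop 192.168.1.10, PIX inside interface 192.168.1.1

: 1) ACL bound with access-group: filters traffic passing THROUGH the PIX.
:    A ping addressed to the inside interface itself is never checked
:    against it, so this deny line gets no hits.
access-list inside_in deny icmp host 192.168.1.10 host 192.168.1.1 echo
access-list inside_in permit ip any any
access-group inside_in in interface inside

: 2) icmp command: filters ICMP that terminates ON a PIX interface.
:    Entries are evaluated first match wins; once any entry exists for
:    an interface, ICMP that matches no entry is dropped, so the trailing
:    permit keeps other hosts and ICMP types (including unreachable,
:    used for path MTU discovery) working.
icmp deny host 192.168.1.10 echo inside
icmp permit any inside

: The broader form suggested in the thread drops every ICMP message
: addressed to the inside interface, from any source:
: icmp deny any inside
```

After applying the `icmp` entries, a ping from the laptop to 192.168.1.1 should time out while pings through the firewall remain subject only to the ACL.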
