12-23-2008 06:28 AM - edited 03-11-2019 07:28 AM
Fundamental issue here - must be me - I have a laptop plugged into the inside interface of my PIX firewall (PIX 501). I have set up an ACL to deny ICMP echo and ICMP echo-reply FROM the laptop address TO the IP address of the inside interface. I have applied the ACL to the inside interface via an access-group command ("in"). And I can still ping the inside interface of the firewall from the laptop. Debug icmp trace shows no hits. What am I doing wrong? Surely you can deny ICMP in this way?
12-23-2008 06:35 AM
Peter
ACLs control traffic through the PIX, not to PIX interfaces. Try:
pix(config)# icmp deny any inside
Jon
12-23-2008 11:53 AM
Cheers Jon - that makes sense to me.