Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

LAN to outside pinging ..

Hi ,

I have a quick question .....

Using the PIX I can enable all the computers on the LAN to do a NAT and browse the internet. If I give the command no icmp any any .... all the ping packets from and to the firewall are blocked.

Can I see to it that a few of my clients are able to ping outside (ie to any public IP ) and the remaining do not have the ability to ping outside. I would like to know if this can be configured on the FIrewall and no configuration changes to be made at the client side. There is an option where in I can delete the Ping.exe from the client machine which i do not want to ping outside .... but I do not want to make any changes on the client side . Any inputs please.....

Thanx !


New Member

Re: LAN to outside pinging ..

You can enable pinging on an individual basis


access-list (interface_name) permit icmp (clientaddress) host any

If it's just ping you can nail it down with

access-list (interface_name) permit icmp (clientaddress) host any eq echo-reply

access-list (interface_name) permit icmp (clientaddress) host any eq time-exceeded

access-list (interface_name) permit icmp (clientaddress) host any unreachable.

It would be to easy to copy ping back onto their PC's. Doing it with the firewall will save a lot of time and hassle.