
Allowing ICMP in Pix without Conduit permit icmp any any command

Dear Sir,

I hope you are doing well. I have 2 queries for you regarding enabling ICMP on PIX.

1) At one site we have a PIX, and we have configured a site-to-site VPN on it. At present we have the command "conduit permit icmp any any", which enables us to ping any of the internet sites. But the customer wants to block any any, and instead he wants to allow ICMP from his LAN (192.168.1.0/24) to any of the outside destinations. To achieve this I have tried to define the access-list in many ways as follows, but none was successful, so I require your help. The commands I tried are as follows.

access-list 110 permit icmp 192.168.1.0 255.255.255.0 any
access-group 110 in inside
conduit permit icmp 192.168.1.0 255.255.255.0 any
icmp permit 192.168.1.0 255.255.255.0 echo-reply outside
icmp permit 192.168.1.0 255.255.255.0 echo outside

The moment I remove the "conduit permit icmp any any" command and issue any of the above commands, I cannot ping any of the public IPs.

I am attaching the config file herewith for your kind reference.

Looking forward to your reply, I remain.

Thanks and regards,

Sairam Bharati

9818404250

sairam.bharati@gmail.com
