Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Allowing ICMP in Pix without Conduit permit icmp any any command

Dear Sir,

I hope you must be doing good. i have 2 queries for you

regarding enabling ICMP on pix.

1) At one site we have pix, we have configured site to siet VPN on

it. At present we have the command "conduit permit icmp any any",

which enables us to ping any of the internet site. But the customer

wants to block any any and in stead of that he wants to allow icmp

from his LAN ( to any of the outside destination. For

achieving this i have tried to define access-list in many ways as

follows but noe is successful. So for that i require your help. The

commands i tried are as follows.

access-list 110 permit icmp any

access-group 110 in inside

conduit permit icmp any

icmp permit echo-reply outside

icmp permit echo outside

The moment i remove the conduit permit icmp any any command and

issue any of the above command i could not ping any of the public


Herewith i am attaching the config file for your kind reference.

Looking forward to your reply, i remain.

Thanks and regards,

Sairam Bharati



Re: Allowing ICMP in Pix without Conduit permit icmp any any com