Actually it's not a good idea to do a 'conduit permit icmp any any'.  If you
want ping traffic to originate inside then do this:

conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply

Think about the way ping works - your workstation sends an icmp echo - the
end station sends an icmp echo-reply - which from the PIX standpoint is a
new inbound packet ( cuz it's stateless ).  Therefore - let the echo-reply
in only.  Not all ICMP messages.

Kenny

"Daniel Cotts" <[EMAIL PROTECTED]> wrote in message
news:303479FA060CD211B8930000F805A88AA10F4C@EXCHANGE1...
> You're not telling us from where you are pinging. From the PIX? From a host
> behind the Firewall? From a host outside the Firewall?
> Anyway this command is good to have in later versions if you want pings to
> traverse the PIX.
> conduit permit icmp any any
> You may also want to modify that command or eliminate it, if you want to
> enforce a stronger policy.
>
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm#xtocid1091627
>
> > -----Original Message-----
> > From: exchange [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 07, 2001 1:09 PM
> > To: '[EMAIL PROTECTED]'
> > Subject: Pix Firewall Issue
> >
> >
> > Hi Gang,
> >
> > I have a Pix Firewall 520 and wondered if this was a feature or a
> > configuration issue on my firewall.  We have an entire class C address say
> > 208.184.23.x to use for our network. We use the 192.168.1.x network for our
> > internal network.  I am having problems pinging a machine's Internet ip
> > address say 208.184.23.11 which I noticed is statically mapped to its
> > internal address say 192.168.1.10 on the pix.
> >
> > For example, If I ping another box 208.184.23.12 and not statically mapped
> > to an internal ip address on the pix, I get a response.
> >
> > Any help or hints would be greatly appreciated.
> >
> > Thanks!
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct
> > and Nondisclosure violations to [EMAIL PROTECTED]
> >
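The difference between the two conduit lines discussed in this thread, as an added example that is not part of the original messages: a small Python model that parses each rule and checks constructed inbound ICMP packets against it without any connection state. It assumes the first address in the rule is the inside (global) destination and the second the outside source, as in Kenny's command; the outside address 198.51.100.7 and the packet list are constructed.

```python
import ipaddress

# ICMP type numbers from RFC 792, keyed by the names used in the rules below.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "redirect": 5,
              "echo": 8, "time-exceeded": 11, "timestamp-request": 13}

def _take_net(tokens):
    """Consume 'any' or '<ip> <mask>' from the front of tokens."""
    if tokens[0] == "any":
        tokens.pop(0)
        return ipaddress.ip_network("0.0.0.0/0")
    ip, mask = tokens.pop(0), tokens.pop(0)
    return ipaddress.ip_network(f"{ip}/{mask}")

def parse_conduit(line):
    """Parse 'conduit permit icmp <inside> <outside> [icmp-type]'."""
    tokens = line.split()
    if tokens[:3] != ["conduit", "permit", "icmp"]:
        raise ValueError("only 'conduit permit icmp' is modelled")
    rest = tokens[3:]
    inside, outside = _take_net(rest), _take_net(rest)
    icmp_type = ICMP_TYPES[rest[0]] if rest else None  # None = every type
    return inside, outside, icmp_type

def permits(rule, src, dst, icmp_type):
    """Stateless check of one inbound packet against one parsed rule."""
    inside, outside, wanted = rule
    return (ipaddress.ip_address(dst) in inside
            and ipaddress.ip_address(src) in outside
            and wanted in (None, icmp_type))

def admitted(rule_line, packets):
    """Names of the ICMP types in packets that the rule lets in."""
    rule = parse_conduit(rule_line)
    names = {num: name for name, num in ICMP_TYPES.items()}
    return [names[t] for src, dst, t in packets if permits(rule, src, dst, t)]

# Constructed inbound packets: (outside source, inside destination, ICMP type).
PACKETS = [("198.51.100.7", "208.184.23.11", t) for t in (0, 8, 5, 13)]

BROAD = "conduit permit icmp any any"
NARROW = "conduit permit icmp 208.184.23.0 255.255.255.0 any echo-reply"

if __name__ == "__main__":
    print("broad :", admitted(BROAD, PACKETS))
    print("narrow:", admitted(NARROW, PACKETS))
```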