The default behavior of a vanilla configuration with no conduits and no outbounds is that no traffic can originate from the outside to the inside and responses to any traffic that was requested from the inside are allowed back in EXCEPT for ICMP traffic. You must explicitly allow ICMP (in this case, just echo replies are needed) conduit permit icmp any any echo-reply Dave -----Original Message----- From: Harry Whitehouse [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 07, 2000 3:47 AM To: [EMAIL PROTECTED] Subject: Pinging Outside IP Addresses from the Inside: PIX >From reading the PIX docs, I think I see how I can make my inside servers "pingable" from the outside. I'm actually not interested in doing that however. But I realized that I don't seem to have this capability from a workstation inside the network. IOW I can't seem to ping an outside address from a workstation on my internal network. The PIX log seems to show that the response from the outside is blocked (ICMP?). 1. If I wanted to permit pinging of outside addresses, how would I configure my PIX. 2. Does giving this capability to inside workstations open any security holes? TIA Harry - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
