RE: [fw-wiz] firewall 501

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 10/01/04

  • Next message: Carric Dooley: "Re: [fw-wiz] DMZ Ideas"
    To: "Nelson Tolero" <nelson_tolero@ctlink.inc.com.ph>, <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 1 Oct 2004 08:25:41 -0400
    
    

    > im a new user of pix firewall and this is only my 1st time to
    > configure the 501 pix my question guys is how do i allow the
    > ping outside to the secure inside??? because in my case im
    > connected to the internet but when I tried to ping the public
    > site like www.yahoo.com or public ip address it say request
    > time out even though i can surf the internet.
    >
    > ex.
    > 203.319.21.xxx will be ping by 192.168.2.xxx
    > ping www.yahoo.com by 192.168.2.xxx

    ICMP isn't statefully tracked, so you must have a rule that allows the
    response back through the outside interface.

    access-list acl_out permit icmp any any eq echo-reply
    access-group acl_out in interface outside

    PaulM
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Carric Dooley: "Re: [fw-wiz] DMZ Ideas"

    Relevant Pages

    • Re: Cisco PIX Config Help Please
      ... >lower than the inside interface you will need an access-list to block ... nameif ethernet0 outside security0 ... access-list outside_access_in permit icmp any any ... access-group outside_access_in in interface outside ...
      (comp.security.firewalls)
    • Re: IPSEC to PIX 515
      ... IPSEC client connected to the pix. ... access-list outside permit icmp any any source-quench ... is the only host allowed to communicate out the savvist interface? ... an 'access-group': the PIX needs to internally manipulate access-group ...
      (comp.dcom.sys.cisco)
    • Re: PIX - restrict services
      ... on the inside lan that would not be reachable through the PIX: ... and the IP address of the inside interface itself. ... access-list 101 permit icmp any any echo-reply ... access-group 101 in interface outside ...
      (comp.dcom.sys.cisco)
    • ping outside interface on pix
      ... PIX Firewall Version 6.3 ... access-list acl_inside line 45 permit icmp 192.168.1.0 255.255.255.0 any ... but I can not ping it, ... access-list acl_inside line icmp 192.168.1.0 255.255.255.0 interface outside ...
      (comp.dcom.sys.cisco)
    • Re: cisco access list question
      ... > does any one know why you cant apply the same access-list to two ... > access-group ping_out in interface outside ... Just use conduit permit icmp any any. ...
      (comp.security.firewalls)