RE: [fw-wiz] firewall 501

From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 10/01/04

  • Next message: Carric Dooley: "Re: [fw-wiz] DMZ Ideas"
    To: "Nelson Tolero" <nelson_tolero@ctlink.inc.com.ph>, <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 1 Oct 2004 08:25:41 -0400
    
    

    > im a new user of pix firewall and this is only my 1st time to
    > configure the 501 pix my question guys is how do i allow the
    > ping outside to the secure inside??? because in my case im
    > connected to the internet but when I tried to ping the public
    > site like www.yahoo.com or public ip address it say request
    > time out even though i can surf the internet.
    >
    > ex.
    > 203.319.21.xxx will be ping by 192.168.2.xxx
    > ping www.yahoo.com by 192.168.2.xxx

    ICMP isn't statefully tracked, so you must have a rule that allows the
    response back through the outside interface.

    access-list acl_out permit icmp any any eq echo-reply
    access-group acl_out in interface outside

    PaulM
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Carric Dooley: "Re: [fw-wiz] DMZ Ideas"