This is driving me nuts. I have a clean 525 install and I want to allow internal clients to ping outside hosts at will. I know the PIX allows ICMP outbound and drops the incoming reply by default. I have set the following ACL in our 525 (the only ACL configured for now):
access-list ping-out permit icmp any any
I then applied it to the outside interface (we only have two interfaces):
access-group ping-out in interface outside
No dice. I configured NAT with a small NAT pool and a failover PAT address. I also configured the interfaces. I can ping both interfaces from their respective networks (I can ping outside from the untrusted and the inside interface from the LAN). Again, expected and default behavior. Is the above access-list and access-group correct to allow ICMP replies inbound?
TIA