Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Ping & Trace Route from inside a PIX firewall,

Status
Not open for further replies.

geemul

MIS
Jul 15, 2010
8
AU
Hello Team,
I wish to be able to ping and trace route from within my network protected by both PIX506e and 501 routers.

I also wish the routers to ignore ping and trace route's originating from the internet.

What do I need to do in the setup of the devices to achieve the above?

Thanks,
Geoff
 
Unless you have specifically allowed it then by default both of those are true. You should be able to ping and trace inside your network and no one can ping/trace to the inside your network from the internet.

 
Hello,
Thanks for the reply which definitely answered the questions as I asked them!
Unfortunately after reading my questions I realise the way I worded them was quite ambiguous .

What I want to do is be able to ping and run trace routes to hosts on the internet from clients on my protected network but have my PIX not respond to ping or trace routes originating from the internet.

Thanks,
Geoff
 
By default this should also be true (after setting up NAT of course). When a host inside your network ping/trace to an outside host the PIX will setup via NAT a "mapping" so replies will be sent back to the host inside your private network. Also, the host on the internet cannot directly access your machine via NAT (unless you setup static NAT for that host) it can only reply to requests from your machine.

On the other hand the PIX itself will not reply to ping/trace from a host on the internet by default since it comes with a deny any any access list for its outside interface.
 

Ok, now I see my error!

I haven't configured NAT!

Thank you very much for your help.

Geoff
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top