ping from inside 1

[galloshes]

Hi ALL,

I would like to be able to ping from network inside the PIX but do not want to open up holes from the outside.
What command(s) would I need?

many thanks

 

[EddieVenus]

either use the old conduit command
conduit permit icmp any any
or a better solution, much more secure one anyways is
access-list allowin permit icmp any any
access-group allowin in int outside
and even better is to refine it even more with
access-list allowin permit icmp any any echo-reply
access-list allowin permit icmp any any unreachable
access-list allowin permit icmp any any source-quench
access-list allowin permit icmp any any time-exceeded
access-group allowin in int outside

now you can ping to where ever you like and traceroute too.

Eddie Venus

 

[galloshes]

i'm using the conduit method
bit more info- I'm trying to allow ping from a specific machine inside the PIX to a specific url outside the PIX. Therefore I'm trying to allow outbound ping. Won't your example allow all types of ping in both directions?

 

[themut]

try to look at this link:

http://www.cisco.com/warp/public/110/31.html