PIX 501 and ICMP 1

[whocares23]

I want to stop the pix from responding to outside pings, etc. I've tried the following commands:
conduit deny icmp any any
access-list outside_access_in deny icmp any any
But the pix still responds. Anyone help a newbie? Thanks

 

[whocares23]

Sorry, can't find how to edit posts. Also added:
access-group outside_acl in interface outside

 

[boymarty24]

try this

icmp deny any echo-reply outside

 

[KiscoKid]

There is a command specifically to control ICMP pings to the pix, it is:

icmp deny any outside

This command came in around version 5.x or so. If you have an older PIXOS, refer to the following URL that breaks down what needs to be done for each release of PIXOS:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

 

[whocares23]

Thanks for the reply. The "icmp deny any outside" works fine. I have a question though. The pix501 has v6.3(5) installed with a very basic config. Just enough to get internet access and assign a dhcp pool. Why wouldn't either:
"conduit deny icmp any any", or
"access-list outside_acl deny icmp any any
access-group outside_acl in interface outside" achive the same result? Are the access list statments wrong, and if so how? Why doesn't the conduit command work? Any insight would be appreciated. Thanks