| Author |
question about ping from b/h pix
|
|
| darthfeces 2002-01-14, 10:48 am |
| i need to do some testing by pinging from behind our pix
need to ping from an internal 172.16.x.x to internet
and receive echo-reply thru g/w router and to the originating ip in the
pix.
i imagine i would have to allow echo-reply thru the pix and check the
router config ?
this is only for some testing isp is requesting and will be disabled
soon after | |
|
| what exactly is your question???
On the pix you can do a (show icmp). If this command displays nothing or icmp as not being enabled, you can enter the following commands:
icmp permit any outside
icmp permit any inside
also type (show access-list). If this command does not have a permit icmp any any before the deny statements, go ahead and add them as well. The latest versions of PIX all manage security with access-lists just like routers | |
|
|
|
| darthfeces, this article explains how to configure based on conduit and network statements. This is the old way of doing things for Cisco. Yes it works, but it would benefit you to learn the new access-list format. | |
| darthfeces 2002-01-15, 8:51 pm |
| agreed
but, my company has chosen to leave conduits
for the time being due to the sheer number we
have configured and the effort required to convert them. we will soon set up a vpn and at that point most of the conduits will be removed and we will convert to access lists.
k | |
|
| check out Cisco's PDM and CSPM products. they make firewall management much easier than command line configuration. At my company it is impossible to manage the firewalls without these gui's........ |
|
|
|
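Added example, not from any poster in this thread: on a PIX that is still run with conduits, as the original poster describes, the inbound replies for the test can be admitted with one narrow conduit instead of a blanket ICMP permit, and removed once the ISP test is done. Both addresses are placeholders, and the example assumes the 172.16.x.x host already has a working nat/global translation to the outside.

```cisco
: Added example in PIX 6.x conduit syntax; all addresses are placeholders.
: 203.0.113.5 = global (translated) address of the 172.16.x.x test host (assumed)
: 192.0.2.10  = ISP test target on the Internet (assumed)

: Broad form, shown for contrast and left commented out:
: it admits every ICMP type from any outside source to any translated host.
: conduit permit icmp any any

: Narrow form for the test: echo-reply only, from the test target only,
: to the translated address of the test host only.
conduit permit icmp host 203.0.113.5 host 192.0.2.10 echo-reply

: Confirm the entry is present while testing.
show conduit

: Remove the entry as soon as the ISP test is finished.
no conduit permit icmp host 203.0.113.5 host 192.0.2.10 echo-reply
```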