How to configure a PIX 6.3 to allow ICMP replies to ICMP traffic initiated from the inside.
i.e. allow a computer on the inside interface to ping external (outside) computers.
By default, outbound ICMP traffic is allowed but the responses are denied.
First we need to create an access-list to allow the required types of ICMP traffic.
Example:
access-list 155 permit icmp any host 192.168.72. echo-reply
access-list <acl id> permit <protocol> any host <host ip> echo-reply
any – shorthand for any IP (0.0.0.0) with any subnet (wildcard mask 255.255.255.255).
host – shorthand for a wildcard mask of 0.0.0.0.
With the ACL set up, we need to bind it to the outside interface for inbound traffic.
Note: only assign one access-group to an interface; if you already have one, don't add another.
access-group 155 in interface outside
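
The note about one access-group per interface, turned into a pre-change check (an added example, not part of the original post): this Python script reads a saved PIX configuration and returns the commands to enter, reusing the ACL already bound inbound on the interface rather than binding a second one. The sample configuration, the 203.0.113.x addresses and the function names are constructed for illustration.

```python
# Added example: pre-change check for a saved PIX 6.3 configuration.
# Constructed sample config; addresses come from a documentation range.
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 203.0.113.10 eq www
access-list 101 deny icmp any any
access-group 101 in interface outside
"""


def parse(config):
    """Return (acls, bindings): ACL id -> ordered entries, interface -> inbound ACL id."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(tok[2:])
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bindings[tok[4]] = tok[1]
    return acls, bindings


def plan_echo_reply(config, host_ip, new_acl_id="155", interface="outside"):
    """Return (commands, warnings) for letting echo-reply in to host_ip."""
    acls, bindings = parse(config)
    entry = ["permit", "icmp", "any", "host", host_ip, "echo-reply"]
    bound = bindings.get(interface)
    # Reuse the ACL already bound to the interface; only create a new one if none is bound.
    acl_id = bound or new_acl_id
    existing = acls.get(acl_id, [])
    commands, warnings = [], []
    if entry not in existing:
        commands.append(f"access-list {acl_id} " + " ".join(entry))
        # New entries are appended and the first match wins, so an earlier
        # deny covering ICMP can keep the new permit from ever matching.
        for e in existing:
            if e[0] == "deny" and e[1] in ("icmp", "ip"):
                warnings.append(
                    f"earlier entry may shadow the permit: access-list {acl_id} " + " ".join(e)
                )
    if bound is None:
        commands.append(f"access-group {acl_id} in interface {interface}")
    return commands, warnings


if __name__ == "__main__":
    cmds, warns = plan_echo_reply(SAMPLE_CONFIG, "203.0.113.20")
    print("\n".join(cmds + ["! " + w for w in warns]))
```
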