I am dealing with a PIX 515 at the moment with VPN.
The network behind interface inside is 192.168.10.0/27. Going to the internet, the hosts are NATed to the external if.
The access-list for internet traffic is
access-list internet_out; 5 elements
access-list internet_out line 1 permit udp any any eq domain (hitcnt=458)
access-list internet_out line 2 permit tcp any any eq www (hitcnt=2237)
access-list internet_out line 3 permit tcp any any eq https (hitcnt=81)
access-list internet_out line 4 permit tcp any any eq ftp (hitcnt=0)
access-list internet_out line 5 permit icmp any any (hitcnt=365)
I've also got this access-list
access-list ANY_ICMP; 1 elements
access-list ANY_ICMP line 1 permit icmp any any (hitcnt=69)
and the access-group is
access-group ANY_ICMP in interface external
It works but the firewall can be pinged from the outside Internet. I do not like it.
What are the commands to type so that only the inside hosts can ping the hosts on the internet and the PIX cannot be pinged on its external interface?
Thank you very much,