hi,
in my config of pix525(6.3) I have only two access-group lines:
access-group ping_acl in interface inside
access-group ping_acl in interface dmz
and I can still ping the outside interface from the outside network. Why is that?
Hi,
Are you saying that you are able to ping the outside interface from the inside network?
vreyesii
voytas wrote:
Showing us the access lists might help!
Pinging of interfaces is controlled by the 'icmp' command, not by access-group.
regard, l
Walter Robers
ok, so the beginning.
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) alert-interval 300
access-list ping_acl; 1 elements
access-list ping_acl line 1 permit icmp any any (hitcnt=15789)
access-list acl_out; 2 elements
access-list acl_out line 1 permit icmp any any (hitcnt=17)
access-list acl_out line 2 permit tcp any host IP_my_www_server eq www (hitcnt=4)
tc
dabance wrote:
As Walter mentioned earlier, ICMP traffic bound for the PIX is not controlled by the normal access list.
There is a separate ICMP access list:-
voytas wrote:
yeah, you are right: command icmp
next time I will ask Google twice :)
thx
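
An added example, not part of the original thread: a small Python model of how ICMP addressed to the firewall's own interfaces is decided by `icmp` rules only, while access-group bindings are ignored. The sample config, addresses and function names are constructed for illustration, and the first-match / implicit-deny evaluation is modelled here as an assumption about PIX 6.3 behaviour.

```python
import ipaddress

# Constructed PIX 6.3 config: the thread's access-group lines plus two icmp rules.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list ping_acl permit icmp any any
access-group ping_acl in interface inside
access-group ping_acl in interface dmz
icmp permit any unreachable outside
icmp deny any outside
"""

def parse_icmp_rules(config):
    """Return {if_name: [(action, network, icmp_type_or_None), ...]} in config order."""
    rules = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "icmp" or tok[1] not in ("permit", "deny"):
            continue  # access-list / access-group lines are skipped here
        action, iface, rest = tok[1], tok[-1], tok[2:-1]
        if rest[0] == "any":
            net, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        elif rest[0] == "host":
            net, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        else:  # address followed by netmask
            net, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}", strict=False), rest[2:]
        rules.setdefault(iface, []).append((action, net, rest[0] if rest else None))
    return rules

def to_box_icmp(config, iface, src, icmp_type):
    """Verdict for ICMP addressed to the firewall's own interface.
    access-list/access-group lines are deliberately ignored: they only
    filter traffic passing through the firewall."""
    rules = parse_icmp_rules(config).get(iface)
    if not rules:
        return "permit"      # assumption: no icmp rules on an interface means it answers
    for action, net, rtype in rules:
        if ipaddress.ip_address(src) in net and rtype in (None, icmp_type):
            return action    # first matching rule wins
    return "deny"            # assumption: implicit deny once any icmp rule exists

if __name__ == "__main__":
    for itype in ("echo", "unreachable"):
        print("outside", itype, to_box_icmp(SAMPLE, "outside", "198.51.100.7", itype))
```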
James wrote: