The basics of the ICMP protocol are widely documented, so we will not go into them here. In practice, ICMP comes up most often in firewall settings. This article covers specific instructions for handling the ping command, in particular for inbound ICMP.
Handling ICMP Pings with the PIX Firewall
Internet Control Message Protocol (ICMP) pings are handled differently in the PIX Firewall depending on the version of the PIX code. The information in this article is based on the following software and hardware versions: PIX software versions 4.1(6) and 5.0.1 and later. The information provided in this article was created from devices in a specific lab environment. All devices used in this article started with a default configuration. If you work on a live network, make sure you understand the potential impact of every command before using it.
Ping through PIX
PIX software version 5.0.1 or later
By default, inbound ICMP through the PIX is denied. Even when an outbound ICMP request is allowed, the inbound response is denied by default.
Ping Inbound
Inbound ICMP can be permitted with either a conduit statement or an access-list statement, depending on which of the two you use on the PIX. Do not mix conduits and access control lists. The following example permits ICMP echo to device 10.1.1.5 (static to 200.1.1.5) by all outside devices:
static (inside,outside) 200.1.1.5 10.1.1.5 netmask 255.255.255.255 0 0
!--- and either
conduit permit icmp 200.1.1.5 255.255.255.255 0.0.0.0 0.0.0.0 echo
!--- or
access-list 101 permit icmp any host 200.1.1.5 echo
access-group 101 in interface outside
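As an added example (not part of the original article), the following Python check reads PIX configuration text and reports which inbound ICMP types are permitted, and whether conduits and access lists are mixed. The function names and result keys are hypothetical, and the sample configurations are constructed from the statements above.

```python
# Added example: audit PIX config text for inbound ICMP permits.
# Constructed sample configs built from the statements shown above.
ACL_ONLY = """\
static (inside,outside) 200.1.1.5 10.1.1.5 netmask 255.255.255.255 0 0
access-list 101 permit icmp any host 200.1.1.5 echo
access-group 101 in interface outside
"""
MIXED = ACL_ONLY + "conduit permit icmp 200.1.1.5 255.255.255.255 0.0.0.0 0.0.0.0 echo\n"


def _skip_addr(tok, i):
    """Index just past one ACL address: 'any', 'host <ip>' or '<ip> <mask>'."""
    return i + 1 if i < len(tok) and tok[i] == "any" else i + 2


def audit_inbound_icmp(config):
    """Return inbound ICMP permits and whether conduits and ACLs are mixed."""
    conduit_seen, conduits, acl_rules, bound = False, [], {}, set()
    for raw in config.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("!"):
            continue  # blank line or comment
        if tok[0] == "conduit":
            conduit_seen = True
            # conduit permit icmp <global_ip> <mask> <foreign_ip> <mask> [type]
            if tok[1:3] == ["permit", "icmp"] and len(tok) >= 7:
                conduits.append({"via": "conduit", "dest": tok[3],
                                 "type": tok[7] if len(tok) > 7 else "any"})
        elif tok[0] == "access-list" and tok[2:4] == ["permit", "icmp"]:
            src_end = _skip_addr(tok, 4)
            dst_end = _skip_addr(tok, src_end)
            acl_rules.setdefault(tok[1], []).append(
                {"via": "acl " + tok[1], "dest": " ".join(tok[src_end:dst_end]),
                 "type": tok[dst_end] if len(tok) > dst_end else "any"})
        elif tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bound.add(tok[1])  # ACL applied to inbound traffic on an interface
    # An access-list only filters traffic once an access-group binds it.
    active = [r for name in sorted(bound) for r in acl_rules.get(name, [])]
    return {"mixed": conduit_seen and bool(bound),
            "permits": conduits + active,
            "unbound_acls": sorted(set(acl_rules) - bound)}


if __name__ == "__main__":
    for label, cfg in (("acl only", ACL_ONLY), ("mixed", MIXED)):
        print(label, audit_inbound_icmp(cfg))
```

A permit whose type is reported as "any" allows every ICMP message type inbound, not just echo, and is worth reviewing.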
Ping outbound