Inbound icmp-related operations to complete firewall processing (1)

Source: Internet
Author: User

Some of the content of the ICMP protocol is described a lot. We will not go into details about its basic content here. First, for its applications, we know that it is often encountered in firewall settings. Today we will introduce some specific instructions in the Ping command. For inbound icmp usage.

Process ICMP Ping and PIX Firewall

Internet Control Information Protocol (ICMP) ping is handled in the PIX Firewall according to the different version of the PIX code. The information in this article is based on the following software and hardware versions. PIX Software Version 4.1 (6) from 5.0.1 and later. The information provided in this article is created from a device in a specific lab environment. All devices used in this article start with a default) configuration. If you work on a real network, make sure you understand the potential impact of all commands before using it.

Ping through PIX

PIX software version 5.0.1 or later

By default, inbound icmp is denied through the PIX. When an Outbound ICMP request is allowed, the INBOUND response is denied by default.

Ping Inbound

Inbound icmp allows statements with pipelines or columns to be accessed. You can use these statements in the PIX. Do not mix the Transportation Channels and access control lists. In ICMP 10.1.1.5 (static to 200.1.1.5) where all devices exceed the allowed devices ):

static (inside,outside) 200.1.1.5 10.1.1.5 netmask 255.255.255.255 0 0

!--- and either

conduit permit icmp 200.1.1.5 255.255.255.255 0.0.0.0 0.0.0.0 echo

!--- or

access-list 101 permit icmp any host 200.1.1.5 echo
access-group 101 in interface outside

Ping outbound


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.