Re: Permit Ping access thru PIX FW [7:47193] posted 06/23/2002
- Subject: Re: Permit Ping access thru PIX FW [7:47193]
- From: "Gaz" <nobody@xxxxxxxxxxxxxx>
- Date: Sun, 23 Jun 2002 06:36:08 -0400
The short answer is - no.
The conduit command in this case is just allowing the reply to come back in.
The outgoing ping will be allowed out by default.
Unlike access lists the conduit does not specify which interface the 'rule'
is to be applied to, so, with the conduit command you will be letting
replies in from outside and from the DMZ.
An access list doing the same thing would need to be applied to both the DMZ
and the outside interface. For this reason, the conduit is nice for testing,
because it's one command instead of 3 minimum.
""Karagozian Sarkis"" wrote in message
> HI all
> BCMS book says: permit ping access thru the PIX Firewall with the
> conduit permit icmp any any command, letting hosts on the inside ping
> outside hosts.
> Does this mean I can't ping the dmz interface?? and it only allows pings
> from inside Interface to the Outiside global hosts ??
> for example: ping outside 4.22.122.xx (able to ping)
> But, ping dmz 18.104.22.168 (Not able to ping)
Message Posted at:
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx