ICMP
Inbound ICMP cartage can be controlled application the icmp command, which only
filters ICMP cartage absolute on one of the PIX interfaces, not traversing the
PIX.The command has the afterward syntax:
Passing Cartage • Chapter 3 115
icmp {permit|deny}
The ip_address constant is the antecedent abode of the ICMP packet that will
be denied or permitted.The netmask constant is the affectation associated with the
ip_address parameter.The icmp_type constant specifies the ICMP blazon to be
denied or permitted. A account of the ICMP blazon ethics was presented beforehand in Table
3.3.The if_name constant is the interface to which this ICMP clarify will be
applied.
The afterward command permits the DMZ interface to acknowledge to pings
from arrangement 172.16.0.0 255.255.240.0:
PIX1(config)# icmp admittance 172.16.0.0 255.240.0.0 answer dmz