[Last Call] Learn how to a build a cloud-first strategyRegister Now


ICMP and Exchange

Posted on 2005-04-25
Medium Priority
Last Modified: 2010-04-08
I added these line into a PIX 515 to prevent it from responding to pings initiated on the outside.  That has worked, but in the process I have prevented one of our other sites from accessing Exchange.  This site connects over a VPN connection to ours.   Once I took the lines out, mail worked fine again for them.  Are there other ICMP types I would need to add for Exchange, or is there a way I can allow all ICMP from that remote site through?

access-list inbound-traffic permit icmp any any unreachable
access-list inbound-traffic permit icmp any any echo-reply
access-list inbound-traffic permit icmp any any time-exceeded
icmp deny any outside
Question by:leerlp
LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 13858230
You can easily allow icmp from select hosts..

access-list inbound-traffic permit icmp host a.b.c.d any
access-list inbound-traffic permit icmp <subnet> <mask> any

I'm not sure why that one site refuses to "play" with Exchange without icmp, but I'm not an Exchange expert by any means...

Author Comment

ID: 13858909
It looks like that took care of it.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question