http://tech-recipes.disqus.com/Cookbook of Tech TutorialsenTue, 07 Sep 2004 22:47:05 -0000http://www.tech-recipes.com/rx/353/cisco-pix-allow-traffic-to-an-internal-host/#comment-2767361or rather ICMP doesn't JUST equal PING. Opening up all of the ICMP protocol allows source quenches, router redirection and a whole host of stuff that can cause problems. If all that is required is PING then restrict the traffic to echo request &lt;-&gt;echo reply.FlibbleTue, 07 Sep 2004 22:47:05 -0000http://www.tech-recipes.com/rx/353/cisco-pix-allow-traffic-to-an-internal-host/#comment-2767360Sorry I should have posted this above. Cisco has a tool on their website to help in converting conduits to ACLs. It works pretty well but YMMV. &lt;span style="text-decoration:underline"&gt;Always&lt;/span&gt; check the configuration file afterward.<br><br>Online tool:<br><a href="https://cco-dev.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl" rel="nofollow">https://cco-dev.cisco.com/cgi-bin/Support/Outpu...</a><br><br>Downloadable tool if you have a CCO login:<br><a href="http://www.cisco.com/cgi-bin/tablebuild.pl/pix" rel="nofollow">http://www.cisco.com/cgi-bin/tablebuild.pl/pix</a><br><br>-TomAnonymousWed, 09 Jun 2004 06:47:50 -0000http://www.tech-recipes.com/rx/353/cisco-pix-allow-traffic-to-an-internal-host/#comment-2767359FYI: ACL's were added in IOS 5.3. All major releases after 6.3 have dropped support for conduits and you must use ACLs.AnonymousWed, 09 Jun 2004 06:40:49 -0000