Ping not Happening

Unanswered Question
Feb 11th, 2007

I have 6 interfaces in mt PIX515 firewall,E0 is connected to the Internet through router.

E1 interface is assigned as with,connected to a switch,in the same trusted network there is a Domino mail server,whose address is with

The E1 interface is connected to the fastethernet interface of teh router e0/0 whose address is with

The serial interface (whose Ip address is with connected to the remote site serial interface of a router (whose IP address is with leased line.

Fast ethernet interface of the remote router is aatache to teh switch whose IP address is with are some users in the network.

Routing in PIX:

route (outside) Internet net router serial interface.

route (outside) via

Local router :

Ip route via

Remote router :

IP route via

Domino Mail serevr :

route is added to reach the network.


The issue is we are able to PING the momino mail server from network sometimes only,most of the time we are not able to ping teh domino server.Locally from router we are able to PING.

Router fastethernet port is attached to the 16 port of the switch,PIX firewall E1 interface is attched to the 17 th port of the Switch,Domino Mail server is connected to tehe 18th port.All these ports are the member of teh VLAN 5.

Please help me to resolve the issue.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sundar.palaniappan Sun, 02/11/2007 - 20:31

What's the next hop IP for the network pointing to on the Domino mail server? It s/b set to forward traffic destined for network to

Lavanholy Mon, 02/12/2007 - 19:58

Hi Sundar Palani,

Thanks . The next hop for the network to reach the Domino Mail server which is in (actual IP of the mail server is /30

I hope i answered your question.

Thanks and Regards,


Jon Marshall Mon, 02/12/2007 - 00:21


I'm confused with your topology. You have a pix with an E0 interface (outside) that connects to a router with connects you to the internet.

You have an E1 interface which is connected to a trusted network on which you have a domino server and a router. Is this router a different router ?.

This router that connects to the trusted network - is this the one with the serial connection to your remote site.

What i'm trying to work out is the path taken from your remote site to the domino server. You have a route on the pix for the network pointing to the outside.

Could you clarify the path.

As a side note, if you can ping sometimes but not others it could be a translation issue on the pix. If traffic from the remote site does come to the outside interface of the pix do you have a static transaltion setup for the domino server ?


Lavanholy Mon, 02/12/2007 - 20:46

Hi Jon,

Thanks.Yes you are right,I have one router for Internet which is connected to the E0 interface of the PIX.

Another router whose fastethernet is connected to a switch with the IP,the E1 interface of teh PIX ia also connected to the same switch with the IP,then there is a Domino Mail server whose IP is, is also in the same switch,all thse router fastethernet ,PIX E1 interface and the Domino mail server are the members of the VLAN 5.

Rounting in the ROUTER :

1. To reach teh via (Which is the remote route's serial interface IP which is at the remote site,this is teh third router)

Domino Mail Server.

To reach the via PIX E 1 interface

Routing in the PIX:

To reach the via which is the local router's fastethernet interface.

Is it o.k,I hope I gave u the needed inputs.

And you are telling about the Translation set in teh PIX,What it is ,how to configure?Please help me to resolve this issue.

Thankls and Regards,


Jon Marshall Tue, 02/13/2007 - 00:07


Why are you going via the pix to get to the remote end ?.

What version of code is the pix running. If it is 6.x then i don't think this will work as what is happening is this

1) The domino server tries to respond to a ping from the remote network.

2) The route to this network is the pix E1 interface. The domino server sends this packet to the pix.

3) The pix looks up the route and sees it has to send it to the fast ethernet interface of the router.

Trouble is the pix cannot route traffic back out an interface it has received traffic on, at least not prior to version 7.x.

So this will fail.

Why not point your route on the Domino server to the fast ethernet interface of the router ( )rather than the pix E1 interface. ?



Lavanholy Tue, 02/13/2007 - 00:15

Hi Jon,

Thanks for the info.This is the same question I have raised with my engineer who is at the site,What he says is the reason for routing through the PIX is to keep the LOG.To see the incoming traffic.

I will check up the version if it is 6.X then I will suggest to upgrade to 7.X.Will it work?

O.k I will get back to you.

Thanks and Regards,


Jon Marshall Tue, 02/13/2007 - 00:23


With version 7.x the pix can route traffic back out of an interface it received it on. Be aware tho that v7.x is significantly different in configuration than 6.x and if you are running a Pix 515E you might need a memory upgrade.

If you have a Pix 501 or 506E you cannot run v7.x on this.

If you need to log the traffic you could create an access-list on your router that allows traffic to and from your domino server and logs it and then have a "permit ip any any" for all the other traffic.

Just a thought.


Lavanholy Tue, 02/13/2007 - 01:20

Hi JOn,

Thanks a lot,I will try this and let you know.

Best Regards,



This Discussion