Pix changes do not allow ICMP Traffic

Unanswered Question

I recently had to make some changes on a PIX firewall that separates two separate internal subnets, and now I cannot ping from the inside to the outside subnet. I opened up PPTP and cleaned up some other things that I didn't think were needed and may have cleaned up too much. The PIX does not separate the inside from the outside internet but only separates one internal network from another. I used to be able to ping from the inside (secured) network to the outside (unsecured) network servers, but not anymore. Any help would be appreciated. Here is a sanitized copy of my configuration. Thanks.

vitripat Fri, 03/23/2007 - 11:43

I've checked your configuration and it looks good. It is open to allow inside hosts to ping servers on the outside due to the following commands:

access-list acl_out permit icmp any any echo-reply

access-group acl_out in interface outside

However, as you mentioned that you are not able to, could you enable "debug icmp trace" on the PIX and then try to ping outbound? Syslogs will also be helpful. Please pass on the outputs.
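The check described in the reply above can be scripted. This is an added example, not part of the original thread or of any Cisco tool: it reads PIX-style config text, finds the ACL bound inbound to an interface, and reports the first-match verdict for ICMP echo-reply. The sample config is constructed (only the two ACL lines come from the thread), the function names are hypothetical, and the check assumes simple `any` / `host A` / `A MASK` address forms and ignores the addresses themselves.

```python
# Constructed sample config; 192.0.2.10 is a documentation address.
SAMPLE_CONFIG = """\
access-list acl_out permit tcp any host 192.0.2.10 eq 1723
access-list acl_out permit gre any host 192.0.2.10
access-list acl_out permit icmp any any echo-reply
access-group acl_out in interface outside
"""

def _skip_addr(tokens, i):
    """Advance past one address spec: 'any', 'host A', or 'A MASK'."""
    if i >= len(tokens):
        return i
    return i + 1 if tokens[i] == "any" else i + 2

def parse(config):
    """Return ({acl_name: [(action, proto, trailing_tokens)]}, {interface: acl_name})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "access-list" and t[2] in ("permit", "deny"):
            i = _skip_addr(t, 4)   # source address
            i = _skip_addr(t, i)   # destination address
            acls.setdefault(t[1], []).append((t[2], t[3], t[i:]))
        elif len(t) == 5 and t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            bindings[t[4]] = t[1]
    return acls, bindings

def echo_reply_verdict(config, interface="outside"):
    """First-match result for ICMP echo-reply arriving on `interface`."""
    acls, bindings = parse(config)
    name = bindings.get(interface)
    if name is None:
        return "no-acl"            # nothing bound inbound to this interface
    for action, proto, rest in acls.get(name, []):
        # 'ip' covers every protocol; 'icmp' with no type covers every ICMP type.
        if proto == "ip" or (proto == "icmp" and (not rest or rest[0] in ("echo-reply", "0"))):
            return action
    return "implicit-deny"         # no entry matched before the end of the ACL

if __name__ == "__main__":
    print(echo_reply_verdict(SAMPLE_CONFIG))
```

A result of `permit` only confirms the ACL side; the "debug icmp trace" output requested in the reply is still what shows whether the echo and its reply actually cross the firewall.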



