Solved: Ping through PIX515

pepetreshere · ‎04-11-2007

I'm trying to allow ping from the inside to the dmz zone. For this I have configured an ACL allowing all icmp traffic and applied it to the dmz interface, but it doesn't works. What would be the problem?

I have started from the default configuration and added only the following lines

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 inside security100

nameif ethernet1 dmz security60

access-list dmz_in permit icmp any any

access-list dmz_in permit ip any any

ip address inside 10.29.40.9 255.255.255.0

ip address dmz 192.168.23.14 255.255.255.0

access-group dmz_in in interface dmz

mark.hodge · ‎04-11-2007

You probably need to apply a nat ( inside ) 0 statement. You could also use a static map from the inside to the dmz network.

View solution in original post

srue · ‎04-11-2007

can you pass other traffic to the dmz, besides icmp? if not, this might be a NAT issue. if you don't need nat from inside-> dmz, use something like the following:

static (inside,dmz) 192.168.1.1 192.168.1.1

where 192.168.1.1 is whatever host is on the inside that you're ping from.

mark.hodge · ‎04-11-2007

You probably need to apply a nat ( inside ) 0 statement. You could also use a static map from the inside to the dmz network.