pix515 no resolution from inside

Answered Question
Jun 26th, 2007

I configured a PIX 515. Users on the LAN can ping machines on the Internet but cannot load any Internet pages. PCs on the LAN have the right DNS server.

Please, how can I resolve the DNS problem?

acomiskey Tue, 06/26/2007 - 08:37

Is there an acl on the inside interface?

dom.a Wed, 06/27/2007 - 00:23

Hi,


Yes, just one to permit ping:

access-list ping_acl permit icmp any any

access-group ping_acl in interface inside


Find attached the configuration file.


Regards



dom.a Wed, 06/27/2007 - 00:45

OK,


Adding a line like with an ACL? How?


access-list out_acl permit tcp inside-network any eq 80


Is it correct?


Regards

Correct Answer
acomiskey Wed, 06/27/2007 - 04:51

no access-list ping_acl permit icmp any any

no access-group ping_acl in interface inside


You do not need this acl to allow ping from the inside interface. Removing this acl will solve your dns problems etc. If you want to ping to the outside you only need to allow the reply in the outside interface acl like so...


access-list acl_out permit icmp any any echo-reply


Please rate if this helps.
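
Why removing ping_acl restores DNS and web traffic, as an added example that is not part of the thread: an access list ends with an implicit deny, so an inbound ACL on the inside interface that only permits icmp drops everything else. The model below handles only the simple `permit|deny <proto> any any` form seen in this thread; the sample flows are constructed, and it assumes nat/global are already in place so that unfiltered inside-to-outside traffic is allowed.

```python
# Added example: first-match ACL evaluation with the implicit deny, for the
# simplified "access-list NAME permit|deny PROTO any any" form only.

# The two lines the poster had configured.
BROKEN_CONFIG = """\
access-list ping_acl permit icmp any any
access-group ping_acl in interface inside
"""
# State after the two "no ..." commands from the answer: nothing bound on inside.
FIXED_CONFIG = ""

# Constructed sample flows leaving the inside interface: (label, protocol)
FLOWS = [("ping", "icmp"), ("dns query", "udp"), ("http", "tcp")]

def parse(config):
    """Return ({acl_name: [(action, proto), ...]}, {interface: acl_name})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            acls.setdefault(tok[1], []).append((tok[2], tok[3]))
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bindings[tok[4]] = tok[1]
    return acls, bindings

def evaluate(config, interface, proto):
    """Verdict for a packet of the given protocol arriving on the interface."""
    acls, bindings = parse(config)
    name = bindings.get(interface)
    if name is None:
        # Assumption: with no ACL bound, inside-to-outside traffic is not filtered.
        return "permit (no acl bound)"
    for action, acl_proto in acls.get(name, []):
        if acl_proto in (proto, "ip"):  # "ip" matches every protocol
            return f"{action} ({name})"
    return f"deny (implicit deny at end of {name})"

def report(config):
    return {label: evaluate(config, "inside", proto) for label, proto in FLOWS}

if __name__ == "__main__":
    for title, cfg in (("with ping_acl", BROKEN_CONFIG), ("after removal", FIXED_CONFIG)):
        print(title)
        for label, verdict in report(cfg).items():
            print(f"  {label:10} -> {verdict}")
```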
