Unable to Ping from an Inside Host to DMZ Webservers

Unanswered Question
Jan 8th, 2008
User Badges:

icmp deny any outside

icmp permit any inside

icmp permit any dmz


The above statements are configured on my PIX

is there anything else I need to enable Ping from my PC to a web server on the DMZ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gfullage Tue, 01/08/2008 - 19:51
User Badges:
  • Cisco Employee,

The "icmp" commands only affect traffic TO the PIX itself, not THROUGH it. By default the PIX will only open holes for return traffic for TCP/UDP based traffic, not ICMP. To get it to allow your return ICMP packets back in you have to turn on ICMP inspection. Use the:


inspect icmp

inspect icmp error


under your global service-policy.



Actions

This Discussion