Unable to Ping

Unanswered Question
Jan 14th, 2008
User Badges:

Hi All,


I'm a Cisco Newbie. We recently had a PIX 515e installed.


Since the install I can now no longer Ping from my local workstation to the outside world, nor can I perform a tracert.


I have permitted icmp from any to any and still nothing.


Any advice would be greatly appreciated.


Thanks in advance

Stephen


I can however ping the outside world from my firewall ssh session.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
stefshuuj Thu, 01/17/2008 - 15:56
User Badges:

Thanks all. I managed to fix it by using


• access-list ping_acl permit ip any any

• access-group ping_acl in interface outside


srue Thu, 01/17/2008 - 16:31
User Badges:
  • Blue, 1500 points or more

"permit ip any any" negates your firewall entirely. you may have 'fixed' icmp, but you 'broke' your firewall. Please read the aforementioned links immediately to remedy this.

If you told us what version OS you have we might be able to suggest something specific.

You could also delete your current ACL and just allow "icmp any any echo-reply"

In addition to gorge's link, also read this one on traceroute: http://www.cisco.com/warp/public/105/traceroute.shtml

Actions

This Discussion