unable to ping firewall int other end

sve_subbu Tue, 01/29/2008 - 02:48
Hi Suresh,

Have you allowed ICMP on the PIX interface?

icmp permit

pjhenriqs Tue, 01/29/2008 - 04:04
Hi Suresh,

My debugging advice is:

1. Enable debug ip icmp on router and debug icmp trace on the firewall. From each device try to ping the other and see if the ICMP echo request/reply reaches it.

2. Traceroute from one device to the other and check which route it takes. Since they are directly connected this should be just one step, but perhaps you have a typo on your subnets or something.

Also, can you ping from the router to the firewall? You seem to imply the problem is only from the firewall to the router and in that case it's definitely an access rule.



sureshkum Tue, 01/29/2008 - 06:23
Hi Paulo,

Thanks for your response.

1. I have enabled debug, but it's showing ICMP echo request only.

2. Tracert is also not reaching.

3. Unable to ping both the devices from each other.

4. I have not configured any ACL related to these interfaces' IPs. Moreover, as I told you above, the IPs are directly connected to each other: one is on the firewall interface, the other is on router F0. I have enabled ICMP on the firewall also.

sureshkum Tue, 01/29/2008 - 07:00
If you can see the logs:

%PIX-5-106100: access-list acl permitted icmp dmz1/ -> dmz2/ hit-cnt 1

Even though both the IPs belong to one interface, when pinging from one end to the other, how is it showing the next interface name? Could you please explain this to me?

pjhenriqs Tue, 01/29/2008 - 09:01
I don't think it should and maybe that's the problem. Can you post your configuration here?


sureshkum Tue, 01/29/2008 - 23:48
Thanks. Kindly find the attached file. To establish the connectivity from host to inside router network( I am facing the above difficulties. From some other interface to the vendor interface, traffic flows are going on, but I am unable to ping from the firewall. So please provide me the firewall config for the network diagram and the router routes information to access from Vendor (sec lev 30) to inside (sec lev 100).


