unable to ping firewall int other end

sve_subbu Tue, 01/29/2008 - 02:48

Hi Suresh,


Have you allowed ICMP on the PIX interface?


icmp permit 172.30.18.16 255.255.255.252



pjhenriqs Tue, 01/29/2008 - 04:04

Hi Suresh,


My debugging advice is:


1. Enable debug ip icmp on router and debug icmp trace on the firewall. From each device try to ping the other and see if the ICMP echo request/reply reaches it.


2. Traceroute from one device to the other and check which route it takes. Since they are directly connected this should be just one step, but perhaps you have a typo on your subnets or something.


Also, can you ping from the router to the firewall? You seem to imply the problem is only from the firewall to the router and in that case it's definitely an access rule.


HTH,

Paulo

sureshkum Tue, 01/29/2008 - 06:23

Hi Paulo,


Thanks for your response.

1. I have enabled debug, but it's showing ICMP echo requests only.


2. Tracert is also not reaching.


3. Unable to ping both devices from each other.


4. I have not configured any ACL related to these interfaces' IPs. Moreover, as I told you above, the IPs are directly connected to each other: one is on the firewall interface, the other is on router F0. I have also enabled ICMP on the firewall.

sureshkum Tue, 01/29/2008 - 07:00

Hi,

If you can see the logs:


%PIX-5-106100: access-list acl permitted icmp dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1


Even though both the IPs belong to one interface, pinging from one end to the other, how is it showing the next interface name? Could you please explain?
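
The check described in the post above can be automated over a syslog export. This is an added example, not part of the original thread: it parses message 106100 lines and flags flows where source and destination fall in the same subnet yet are logged on different interface names. The /30 prefix is an assumption taken from the 255.255.255.252 mask in the first reply, and every sample line except the first is constructed.

```python
import ipaddress
import re

# Syslog 106100 layout: access-list <id> <action> <proto>
#   <src_if>/<src_ip>(<port>) -> <dst_if>/<dst_ip>(<port>) hit-cnt <n>
LOG_RE = re.compile(
    r"%(?:PIX|ASA)-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def parse_106100(line):
    """Return the fields of a 106100 message as a dict, or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["hits"] = int(rec["hits"])
    return rec

def same_subnet_cross_interface(rec, prefix_len=30):
    """True when both hosts share one subnet but the log names two interfaces."""
    # prefix_len=30 is an assumption (255.255.255.252 from the first reply).
    src_net = ipaddress.ip_network(f"{rec['src_ip']}/{prefix_len}", strict=False)
    crosses = rec["src_if"] != rec["dst_if"]
    return crosses and ipaddress.ip_address(rec["dst_ip"]) in src_net

def flag_lines(lines, prefix_len=30):
    """Parse every line and keep only the flows that merit a config review."""
    recs = (parse_106100(line) for line in lines)
    return [r for r in recs if r and same_subnet_cross_interface(r, prefix_len)]

SAMPLE_LINES = [
    # Line quoted in the thread.
    "%PIX-5-106100: access-list acl permitted icmp dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1",
    # Constructed: different subnets on different interfaces, so not flagged.
    "%PIX-5-106100: access-list acl permitted icmp dmz1/172.30.8.18(0) -> inside/172.16.59.130(0) hit-cnt 3",
    # Constructed: unrelated text that the parser must skip.
    "interface status unchanged",
]

if __name__ == "__main__":
    for r in flag_lines(SAMPLE_LINES):
        print(f"{r['src_if']}/{r['src_ip']} -> {r['dst_if']}/{r['dst_ip']}: "
              f"same /30 on two interfaces, compare their address and mask")
```

A flagged flow is a prompt to compare the IP address and mask configured on both named interfaces, in line with the subnet-typo check suggested earlier in the thread.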

pjhenriqs Tue, 01/29/2008 - 09:01

I don't think it should and maybe that's the problem. Can you post your configuration here?


Paulo

sureshkum Tue, 01/29/2008 - 23:48

Hi,


Thanks. Kindly find the attached file. To establish connectivity from the 172.31.1.1 host to the inside router network (172.16.59.128/25) I am facing the above difficulties. Traffic flows from some other interface to the vendor interface are going on, but I am unable to ping from the firewall. So please provide me the firewall config for the network diagram and the router route information for access from Vendor (sec lev 30) to inside (sec lev 100).


