unable to ping firewall int other end

sureshkumar
Level 1

In my firewall, the interface IP is 172.30.8.17. It is connected to the router F0, IP 172.30.8.18. The interface status is up on both devices, but I am unable to ping from the firewall to 172.30.8.18. Please provide me information about the basic troubleshooting methods.

7 Replies

sve_subbu
Level 1

Hi Suresh,

Have you allowed ICMP on the PIX interface?

icmp permit 172.30.18.16 255.255.255.252

Hi,

Thanks, but still unable to.

pjhenriqs
Level 1

Hi Suresh,

My debugging advice is:

1. Enable debug ip icmp on the router and debug icmp trace on the firewall. From each device, try to ping the other and see if the ICMP echo request/reply reaches it.

2. Traceroute from one device to the other and check which route it takes. Since they are directly connected this should be just one step, but perhaps you have a typo on your subnets or something.

Also, can you ping from the router to the firewall? You seem to imply the problem is only from the firewall to the router and in that case it's definitely an access rule.

HTH,

Paulo

Hi Paulo,

Thanks for your response.

1. I have enabled debug, but it's showing ICMP echo request only.

2. Tracert is also not reaching.

3. Unable to ping between the two devices.

4. I have not configured any ACL related to these interface IPs. Moreover, as I told you above, the IPs are directly connected to each other: one is on the firewall interface, the other is on router F0. I have enabled ICMP on the firewall also.

Hi,

If you can see the logs:

%PIX-5-106100: access-list acl permitted icmp dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1

Even though both IPs belong to one interface and I am pinging from one end to the other, how is it showing the next interface name? Could you please explain?

I don't think it should and maybe that's the problem. Can you post your configuration here?

Paulo
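
The two consistency checks this exchange points at (a subnet typo, and a 106100 entry naming two interfaces for directly connected addresses), as an added example that is not part of the original thread. The /30 mask is an assumption taken from the icmp permit line earlier in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the PIX 106100 line in the form quoted in the thread.
LOG_RE = re.compile(
    r"%PIX-\d-106100: access-list (?P<acl>\S+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[\d.]+)\(\d+\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[\d.]+)\(\d+\)"
)

def covers(net_addr, mask, ip):
    """True if ip falls inside net_addr/mask (host bits in net_addr are ignored)."""
    net = ipaddress.ip_network(f"{net_addr}/{mask}", strict=False)
    return ipaddress.ip_address(ip) in net

def check_106100(line, mask="255.255.255.252"):
    """Parse a 106100 entry and flag endpoints that share a subnet
    (assumed /30) but are logged on different interfaces."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["same_subnet"] = covers(rec["src_ip"], mask, rec["dst_ip"])
    rec["suspect"] = rec["same_subnet"] and rec["src_if"] != rec["dst_if"]
    return rec

# Values copied from the thread.
LOG_LINE = ("%PIX-5-106100: access-list acl permitted icmp "
            "dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1")
PERMIT_NET, PERMIT_MASK = "172.30.18.16", "255.255.255.252"
FIREWALL_IP, ROUTER_IP = "172.30.8.17", "172.30.8.18"

if __name__ == "__main__":
    rec = check_106100(LOG_LINE)
    print(f"{rec['src_if']}/{rec['src_ip']} -> {rec['dst_if']}/{rec['dst_ip']}: "
          f"same subnet={rec['same_subnet']}, suspect={rec['suspect']}")
    # Does the network in the posted icmp permit line contain each interface address?
    for ip in (FIREWALL_IP, ROUTER_IP):
        print(f"icmp permit {PERMIT_NET} {PERMIT_MASK} covers {ip}: "
              f"{covers(PERMIT_NET, PERMIT_MASK, ip)}")
```

A flagged entry means the same subnet appears behind two interface names, which is the inconsistency to look for in the posted configuration.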

Hi,

Thanks. Kindly find the attached file. To establish connectivity from the 172.31.1.1 host to the inside router network (172.16.59.128/25), I am facing the above difficulties. Traffic flows from some other interface to the vendor interface are going through, but I am unable to ping from the firewall. So please provide me the firewall config for the network diagram and the router route information to access from Vendor (sec lev 30) to inside (sec lev 100).
