PIX Firewall - Can't Ping Inside Hosts from Outside Hosts

Unanswered Question
Feb 14th, 2008

I have multiple Interfaces connected to my PIX 525 (Version 6.3) but am having a particular connectivity issue with 2 of the Interfaces.

I cannot ping an Inside host on my internal network from a Third Party host on an external network.

I can ping the Third-Party host from an internal host fine, but the external to internal fails.

I've applied the following acl command on my Inside interface but it has no effect:

access-list acl_inside permit icmp any host 172.30.5.3 echo-reply

access-list acl_inside permit icmp any host 172.30.5.3 time-exceeded

To put it mildly, it's driving me nuts.

Help!!!

bwilmoth Wed, 02/20/2008 - 14:41

The most common reason for this problem is a misconfiguration of the Network Address Translation (NAT), such as not having the ip nat inside and ip nat outside commands on the appropriate interfaces. Another possible reason is that there is no Access Control List (ACL) configured for NAT specifying which hosts are permitted to use NAT. Ensure that the ip nat inside and ip nat outside commands are assigned to the correct interfaces. Check the ACL configured for NAT and make sure the inverse mask is correct.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml
