PIX Firewall - Can't Ping Inside Hosts from Outside Hosts

Unanswered Question
Feb 14th, 2008

I have multiple Interfaces connected to my PIX 525 (Version 6.3) but am having a particular connectivity issue with 2 of the Interfaces.

I cannot ping an Inside host on my internal network from a Third Party host on an external network.

I can ping the Third-Party host from an internal host fine, but the external to internal fails.

I've applied the following acl command on my Inside interface but it has no effect:

access-list acl_inside permit icmp any host echo-reply

access-list acl_inside permit icmp any host time-exceeded

To put it mildly, it's driving me nuts.


bwilmoth Wed, 02/20/2008 - 14:41

The most common reason for this problem is a misconfiguration of the Network Address Translation (NAT), such as not having the ip nat inside and ip nat outside commands on the appropriate interfaces. Another possible reason is that there is no Access Control List (ACL) configured for NAT specifying which hosts are permitted to use NAT. Ensure that the ip nat inside and ip nat outside commands are assigned to the correct interfaces. Check the ACL configured for NAT and make sure the inverse mask is correct.
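
The translation and ACL pieces discussed in this thread, written in PIX 6.3 syntax for a ping that enters on a lower-security interface and targets an inside host. This is an added example, not configuration posted by anyone in the thread; the interface name thirdparty, its security level, the ACL name acl_thirdparty and all addresses are constructed placeholders.

```text
: Constructed PIX 6.3 fragment. Interface names, security levels and
: addresses are placeholders, not values from the thread.
nameif ethernet1 inside security100
nameif ethernet2 thirdparty security50

: 1. Traffic from a lower-security to a higher-security interface needs a
:    translation for the destination. An identity static keeps the inside
:    host reachable at its own address from the thirdparty side.
static (inside,thirdparty) 10.1.1.10 10.1.1.10 netmask 255.255.255.255

: 2. The echo request must be permitted by an ACL bound to the interface
:    where it arrives. Scope it to the one source and the one destination.
access-list acl_thirdparty permit icmp host 192.0.2.20 host 10.1.1.10 echo
access-group acl_thirdparty in interface thirdparty

: 3. PIX 6.3 does not track ICMP statefully, so when an ACL is bound to the
:    inside interface the echo-reply leaving the inside host must be
:    permitted there as well. Add this entry to the existing acl_inside
:    rules; an ACL ends with an implicit deny.
access-list acl_inside permit icmp host 10.1.1.10 host 192.0.2.20 echo-reply
access-group acl_inside in interface inside
```

To see which leg is being dropped, `show access-list` gives per-entry hit counts, `show xlate` confirms the translation exists, and `debug icmp trace` shows requests and replies as they cross the firewall.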


