
PIX Firewall - Can't Ping Inside Hosts from Outside Hosts

I have multiple Interfaces connected to my PIX 525 (Version 6.3) but am having a particular connectivity issue with 2 of the Interfaces.

I cannot ping an Inside host on my internal network from a Third Party host on an external network.

I can ping the Third-Party host from an internal host fine, but the external to internal fails.

I've applied the following ACL command on my Inside interface but it has no effect:

access-list acl_inside permit icmp any host 172.30.5.3 echo-reply

access-list acl_inside permit icmp any host 172.30.5.3 time-exceeded

To put it mildly, it's driving me nuts.

Help!!!

1 Reply

bwilmoth
Level 5

The most common reason for this problem is a misconfiguration of the Network Address Translation (NAT), such as not having the ip nat inside and ip nat outside commands on the appropriate interfaces. Another possible reason is that there is no Access Control List (ACL) configured for NAT specifying which hosts are permitted to use NAT. Ensure that the ip nat inside and ip nat outside commands are assigned to the correct interfaces. Check the ACL configured for NAT and make sure the inverse mask is correct.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml
