ICMP's denied on Inside Interface on PIX

Unanswered Question
Aug 7th, 2008

I have the inside interface of our PIX (172.17.1.2) configured as the default GW for my laptop. I have my laptop connected to a non L3 switch which is connected to the INside interface of the switch.

The ports on the switch are all in the same VLAN, including the laptop port and the port which connects to the inside interface of the PIX.

I cannot get a reply when i ping the Inside Interface of the PIX. I have the correct IP addresses and mask configured.

I do get the following output on the PIX when I run a "debug icmp trace":

Denied ICMP type = 8, code = 0 from 172.17.1.100on interface 1.

I have a "permit icmp 172.17.1.0 255.255.255.240 inside " statement configured on the PIX as well. I cannot figure out why is is denying the ICMP packet.

Any help would be welcomed here.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Farrukh Haroon Thu, 08/07/2008 - 12:03

You mask does not cover .100. It only covers .0 to .15.

172.17.1.0 255.255.255.240

Change it to

permit icmp 172.17.1.0 255.255.255.0 inside

or

permit icmp 172.17.1.0 255.255.255.128 inside

Please rate if helpful.

Regards

Farrukh

Actions

This Discussion