Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
0
Helpful
2
Replies

PIX 525 configuration

seekhpar121
Level 1
Level 1

‎10-20-2008 08:03 AM - edited ‎03-11-2019 07:00 AM

I have Cisco PIX (525) Firewall Version 6.3(5) with two interfaces.

For testing purpose,One Pc is directly connected to each interface.

From Pix i can ping both Pcs.

But cannot ping

inside interface of pix and pc(A) from pc(B) attached to outside interface.

outside interface of pix and Pc(B) from Pc(A) attached to inside interface.

PC A:

ip: 10.1.0.2

Gateway:10.1.0.1

PC B:

ip: 172.16.1.2

Gateway:172.16.1.1

PIX Configuration:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

access-list ping_acl permit icmp any any

access-list acl_out permit icmp any any

ip address outside 172.16.1.1 255.255.0.0

ip address inside 10.1.0.1 255.255.0.0

access-group ping_acl in interface outside

access-group ping_acl in interface inside

Now help is required for complete the configuration.

Also required Configuration Labs for testing the PIX.

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

husycisco
Level 7
Level 7

‎10-20-2008 08:14 AM

Hello Muhammed,

fixup protocol icmp

static (inside,outside) 10.1.0.0 10.1.0.0 netmask 255.255.0.0

static (outside,inside) 172.16.0.0 172.16.0.0 netmask 255.255.0.0

Or,

fixup protocol icmp

access-list inside_nat0_outbound permit ip 10.1.0.0 255.255.0.0 172.16.0.0 255.255.0.0

nat (inside) 0 access-list inside_nat0_outbound

Regards

0 Helpful

seekhpar121
Level 1
Level 1
In response to husycisco

‎10-20-2008 10:24 PM

Hi,

Thanks for reply.

But Still cannot ping neither the other interface from PC nor the PC at other interface.

following is the current configuration:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

hostname pixfirewall

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol icmp error

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list 100 permit ip any any

access-list 100 permit icmp any any

ip address outside 172.16.1.1 255.255.0.0

ip address inside 10.1.0.1 255.255.0.0

ip address outside 172.16.1.1 255.255.0.0

ip address inside 10.1.0.1 255.255.0.0

Following is the result of

debug icmp trace

13: ICMP echo-request from inside:10.1.0.2 to 172.16.1.1 ID=512 seq

=16128 length=40

14: ICMP echo-request from inside:10.1.0.2 to 172.16.1.1 ID=512 seq=16384 length

=40

15: ICMP echo-request from inside:10.1.0.2 to 172.16.1.1 ID=512 seq=16640 length

=40

16: ICMP echo-request from inside:10.1.0.2 to 172.16.1.1 ID=512 seq=16896 length

waiting for reply

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card