I am trying to allow ICMP coming in from an outside host (192.168.10.100) to ping an inside host (10.10.233.100) through a PIX 501 running v 6.3.5
The outside interface is address 192.168.10.10 and the inside interface is address 10.10.233.10
I have the following configured on the PIX :
access-list out_to_in permit ICMP any any
access-group out_to in interface outside
static (inside, outside) 192.168.10.50 10.10.233.100 netmask 255.255.255.255
When running a Debug ICMP Trace I do see the transalation happening which translates the ping address (192.168.10.50) to the inside host address (10.10.233.100)
All tseems to be working as it should but I do not receive a ping response (echo-reply) on the outside host.
Any thoughts would be greatly appreciated. Thanks
Okay, time for a bit of debugging :-)
1) debug packet inside src 192.168.10.100
do you see packets leaving the inside interface going to 10.10.233.10 ? If yes
2) debug packet inside dst 192.168.10.100
do you see packets returning from 10.10.233.10 to 192.168.10.100
One other thing - you are ping 192.168.10.50 from 192.168.10.100 ?