Pix501 problem, icmp problem, need help

kjciscokj · ‎05-25-2009

Hello

Im having a problem with a pix501

(config)# show version

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 2.0(2)

Compiled on Wed 19-Mar-03 11:49 by morlee

Gedsted-VPN up 13 days 1 hour

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz

Flash E28F640J3 @ 0x3000000, 8MB

BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 000c.8537.585e, irq 9

1: ethernet1: address is 000c.8537.585f, irq 10

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 2

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: 10

Throughput: Unlimited

IKE peers: 10

This PIX has a Restricted (R) license.

When I ping an inside address from the outside i get the folloving message with the debug icmp trace command.

Inbound ICMP echo request (len 32 id 3 seq 1793) 172.26.1.31 > 10.5.10.2 > 10.5.10.2

On another pix501 6.3(4) that works like it is suppossed to I get the following.

Inbound ICMP echo request (len 32 id 3 seq 1793) 172.26.1.31 > 10.5.18.2

I dont understand why the first one does a > to the same ip twize

Could anyone help my?

smalkeric · ‎05-29-2009

This may be due to nat 0 issue.

kjciscokj · ‎06-01-2009

Hi smalkeric.

It was not an error afterall. It turned out the it was supposed to do that.

The Pix501 was used as a vpn tunnel access to the network but was not the main router. The inside host I was pinging did not have a route to the network I was on as its main route pointed to the main router

10.5.10.1 main router

10.5.10.4 vpn router

After a "route add 172.26.1.0 mask 255.255.255.0 10.5.10.4 -d" on the inside host I got a reply on my pings.

Thanks anyway.