05-25-2009 03:41 AM - edited 03-11-2019 08:36 AM
Hello
Im having a problem with a pix501
(config)# show version
Cisco PIX Firewall Version 6.3(1)
Cisco PIX Device Manager Version 2.0(2)
Compiled on Wed 19-Mar-03 11:49 by morlee
Gedsted-VPN up 13 days 1 hour
Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
0: ethernet0: address is 000c.8537.585e, irq 9
1: ethernet1: address is 000c.8537.585f, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10
This PIX has a Restricted (R) license.
When I ping an inside address from the outside i get the folloving message with the debug icmp trace command.
Inbound ICMP echo request (len 32 id 3 seq 1793) 172.26.1.31 > 10.5.10.2 > 10.5.10.2
On another pix501 6.3(4) that works like it is suppossed to I get the following.
Inbound ICMP echo request (len 32 id 3 seq 1793) 172.26.1.31 > 10.5.18.2
I dont understand why the first one does a > to the same ip twize
Could anyone help my?
05-29-2009 07:13 AM
This may be due to nat 0 issue.
06-01-2009 10:29 PM
Hi smalkeric.
It was not an error afterall. It turned out the it was supposed to do that.
The Pix501 was used as a vpn tunnel access to the network but was not the main router. The inside host I was pinging did not have a route to the network I was on as its main route pointed to the main router
10.5.10.1 main router
10.5.10.4 vpn router
After a "route add 172.26.1.0 mask 255.255.255.0 10.5.10.4 -d" on the inside host I got a reply on my pings.
Thanks anyway.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide