Hello all, I have the following situation on a PIX 520 running 6.2.2.
I have three interfaces: inside, outside, dmz.
On the outside interface I have an access-list which permits icmp from any to the IPs behind the DMZ interface. I have the following:
access-list external_access_in permit icmp any 184.108.40.206 255.255.255.0
nat (dmz) 0 220.127.116.11 255.255.255.0 0 0
access-group external_access_in in interface outside
18.104.22.168 are routed IP addresses on the internet; the above permits outside hosts to ping my hosts behind the dmz interface.
I am trying to do the same, to permit the hosts behind the dmz to icmp ping the hosts behind the inside interface:
access-list dmz_in permit ip any any
nat (inside) 0 22.214.171.124 255.255.255.0 0 0
access-group dmz_in in interface dmz
The inside permits inbound by default.
But I have in the log:
305005: No translation group found for icmp src dmz:126.96.36.199 dst inside:188.8.131.52 (type 8, code 0)
According to me the situation is the same as pinging from outside to dmz.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
Could anyone tell me where I am wrong, and how to permit the dmz hosts to icmp ping the hosts on the inside interface?
Thanks for your answers.
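An added example, not part of the original post: a small Python check that reads a 305005 message together with the nameif and static lines of a configuration, and reports whether the logged flow runs from a lower to a higher security level and whether a static covers the destination, which is what PIX 6.x needs before a lower-security host can initiate a connection. The function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration; `nat 0 access-list` exemptions and statics without an explicit netmask are not checked.

```python
import ipaddress
import re

# Constructed sample config and log line (documentation addresses, not the poster's).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nat (inside) 0 192.0.2.0 255.255.255.0 0 0
"""
SAMPLE_LOG = ("305005: No translation group found for icmp "
              "src dmz:198.51.100.10 dst inside:192.0.2.20 (type 8, code 0)")

# TCP/UDP variants of the message carry "/port" after each address; ICMP does not.
LOG_RE = re.compile(r"305005: No translation group found for (\S+) "
                    r"src (\w+):([\d.]+)(?:/\d+)? dst (\w+):([\d.]+)(?:/\d+)?")
NAMEIF_RE = re.compile(r"^nameif \S+ (\w+) security(\d+)", re.M)
# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) ([\d.]+) ([\d.]+) netmask ([\d.]+)", re.M)


def static_covers(config, real_if, mapped_if, dst_ip):
    """True if a static (real_if,mapped_if) entry's mapped range contains dst_ip."""
    for r_if, m_if, mapped, _real, mask in STATIC_RE.findall(config):
        net = ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
        if (r_if, m_if) == (real_if, mapped_if) and ipaddress.ip_address(dst_ip) in net:
            return True
    return False


def diagnose(config, log_line):
    """Explain one 305005 message using the nameif and static lines of a config."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    proto, src_if, _src_ip, dst_if, dst_ip = m.groups()
    level = {name: int(sec) for name, sec in NAMEIF_RE.findall(config)}
    if src_if not in level or dst_if not in level:
        return None
    inbound = level[src_if] < level[dst_if]
    return {
        "protocol": proto,
        "direction": "lower-to-higher" if inbound else "higher-to-lower",
        # A lower-to-higher flow with no static has no translation entry to match.
        "static_present": static_covers(config, dst_if, src_if, dst_ip),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_LOG))
```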