2 router and one PIX firewall

Unanswered Question
Nov 21st, 2003
User Badges:

In our office we have 2 router and 1 pix 515R firewall i am able to ping and TFTP inside router but outside router i am not able to PING not TFTP from any host......is these because of NATING in PIX..But i am able to ping the outside router from PIX

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nkhawaja Fri, 11/21/2003 - 10:36
User Badges:
  • Cisco Employee,

Hi,


From inside hosts to ping to outside, certain criteria has to met. for example


1- Any form of translation (or no translation) has to be there e.g. the following statements are required

nat (inside) 1 0 0

global (outside) 1 interface


2- For PING you need to open up icmp echo reply to come back from a low security interface to a high security level interface. e.g.


access-list 100 permit icmp any any echo-reply

access-group 100 in interface outside.



There can be several combinations/variations of the above two requirements.


Oh and ofcourse you need a default route in your pix firewall pointing towards your default gateway/outside router.


Thanks

Nadeem Khawaja

nagalakshmi_n2000 Fri, 11/21/2003 - 22:34
User Badges:

In PIX we have configured the

Global(outside)1 IP address

Nat (inside)1 0.0.0.0 0.0.0.0

and instead of access-list we have "conduit permit icmp any any"


And i did not get your last answer default gateway of outside router....Can u please explain me with commands regarding these


Thanks for the reply

Nagalakshmi

Actions

This Discussion