
Cannot ping from inside IP to DMZ IP

Unanswered Question


I have a PIX525 installed with the inside IP for the LAN, the outside IP connecting the Internet Router and a 'new' DMZ IP for a connection to the private IP of a VPN3030.

I tried to ping (extended) from the inside IP of the PIX to the DMZ IP. It couldn't ping, even after I enabled the access-list to allow all IP between the DMZ and the inside interface.

The only thing that I did was putting the NAT to 'use same address' rather than creating a new NAT. Thus, it created the 'Null Rule' to the ACL which I just inserted.

So, what exactly can I do to be able to ping between these 2 interfaces?


a.lysyuk Mon, 12/29/2003 - 01:25

Access lists only apply to packets which traverse the PIX and do not terminate on its interfaces.

If you want the PIX interface to reply to ICMP echo packets, you should use the configuration command:

icmp permit IP_address netmask Interface_name


Thanks. I actually allowed all IP to pass through for now. Still, I was not able to ping the next-hop IP.

Today, I activated the NAT at the PIX and I was able to ping that next-hop IP. However, as I have the outside IP doing the same NAT, I can't activate this NAT (at the DMZ) and the NAT (at the outside) using the same range of IP addresses, even though I use different inside global IP addresses.

So, how can I activate the NAT for the same inside local for the DMZ and the Internet?


