Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
0
Helpful
2
Replies

PIX 515E - Ping Urgent

prashanth15
Level 1
Level 1

‎12-07-2005 06:32 PM - edited ‎02-21-2020 12:34 AM

Hi,

Pls find the attached diagram.

the requirement is:

1. inside servers should ping pix inside,dmz,outside interface.

2.the server in pix dmz should be able to ping pix dmz,inside,outside interface and all servers inside.

3. from ISA i should be able to ping pix inside,dmz,outside interface and all servers inside.

Pls advice how to configure PIX using version 6.3(4) and 7.0

Regards,

Prashanth

Preview file
45 KB
0 Helpful
2 Replies 2

jackko
Level 7
Level 7

‎12-07-2005 10:50 PM

just a quick comment.

by default, any host connected to a pix interface can ping that particular interface only. e.g. inside host can ping pix inside interface; or dmz host can ping pix dmz interface. as far as i know, there is no workaround.

0 Helpful

haithamnofal
Level 3
Level 3

‎12-07-2005 11:18 PM

Hi,

First of all, PIX doesnt allow ping across its interfaces (i.e. inside subnet cant ping the DMZ or the outside interfaces of the PIX). But in order to allow a subnet to ping the interface it's directly connected to, apply: "permit icmp any " command.

In order for subnets connected to different interfaces to ping each other, you need to make sure that address tranlsation is configured properly. For example, in order for the DMZ subnet hosts to ping internal servers, you might need to apply: static (inside,dmz) netmask in order for the internal subnet to be self-translated to DMZ.

Please let me know how things go with you.

Best regards,

Haitham

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card