Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Allow ping using Pix

I have configured pix firewall, but is is not allowing me to ping internet websites. I want to allow ping from LAN to Internet. I have created access list to allow ping from my LAN to ANY. When i try ping www.yahoo.com it is resolving ip but saying request time out as shown below.

Pinging www.yahoo-ht2.akadns.net [209.191.93.52] with 32 bytes of data:

Request timed out.

Request timed out.

My internal ip is xx.xx.1.1

External Ip is xx.xx.7.1

Please help me to solve this problem.

Thanks in advance.

2 REPLIES

Re: Allow ping using Pix

Since you managed to resolve the url/server name to IP, this indicate that the DNS resolution works fine.

To really test & verify ping/icmp, try to ping to many sites/servers/IPs. Pinging to one site/server might not be accurate.

Also, make sure (IF) you have ACL applied on the Inside interface, to permit icmp, example, permit any any for testing purposes:

*add to your inside ACL

access-list inside permit icmp any any

access-group inside in interface inside

Make sure no ACL blocking icmp traffic on your internet router.

BTW, is:

My internal ip is xx.xx.1.1 --> private IP on Inside interface

External Ip is xx.xx.7.1 --> public IP on Outside interface

HTH

AK

New Member

Re: Allow ping using Pix

You have to allow the reply on outside interface.

access-list 101 permit icmp any any echo-reply

access-group 101 in interface outside

242
Views
0
Helpful
2
Replies