Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

How to allow ICMP when doing TCP PAT?

PIX-515E running 7.2.2

Internal network on private IP addresses, external network on public addresses.

Each internal Web server has its own external IP address. PIX is doing PAT, mapping the external port 80/tcp to port 8080/tcp internally on each Web server like this:

static (inside,outside) tcp web1-ext 80 web1-int 8080 netmask 255.255.255.255

The problem is, now I cannot allow ICMP echo requests to the Web servers.

If I did NAT (see below) then ICMP would be able to pass, but I need to translate the port too, so this won't work for me:

static (inside,outside) web1-ext web1-int netmask 255.255.255.255

How to do PAT (80-->8080) but also allow inbound ICMP echo requests?

2 REPLIES
Green

Re: How to allow ICMP when doing TCP PAT?

Sorry, I don't think that's possible.

New Member

Re: How to allow ICMP when doing TCP PAT?

That's not possible.

280
Views
0
Helpful
2
Replies
CreatePlease to create content