Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Ping through PIX515

I'm trying to allow ping from the inside to the dmz zone. For this I have configured an ACL allowing all icmp traffic and applied it to the dmz interface, but it doesn't works. What would be the problem?

I have started from the default configuration and added only the following lines

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 inside security100

nameif ethernet1 dmz security60

access-list dmz_in permit icmp any any

access-list dmz_in permit ip any any

ip address inside 10.29.40.9 255.255.255.0

ip address dmz 192.168.23.14 255.255.255.0

access-group dmz_in in interface dmz

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Ping through PIX515

You probably need to apply a nat ( inside ) 0 statement. You could also use a static map from the inside to the dmz network.

2 REPLIES
Gold

Re: Ping through PIX515

can you pass other traffic to the dmz, besides icmp? if not, this might be a NAT issue. if you don't need nat from inside-> dmz, use something like the following:

static (inside,dmz) 192.168.1.1 192.168.1.1

where 192.168.1.1 is whatever host is on the inside that you're ping from.

New Member

Re: Ping through PIX515

You probably need to apply a nat ( inside ) 0 statement. You could also use a static map from the inside to the dmz network.

120
Views
0
Helpful
2
Replies
CreatePlease to create content