cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
331
Views
0
Helpful
3
Replies

PIX 506E traffic forwading problem

parba.basu
Level 1
Level 1

Hi all,

We are using 1 PIX 506E and 1 2611 router, 1 3560-L3 switch.now i want to forward traffic from switch to PIX and then PIX to ROuter.i have connect pix & switch through 10.xx.xx.xx series ip and pix to router through 192.168.xx.xx series ip. from host or switch i m able to ping pix's inside interface but not to outside interface. from router also i can ping pix's outside ip but not to the inside ip. pls help us on this ASAP.ist very urgent.

3 Replies 3

htarra
Level 4
Level 4

There are two options in PIX 7.x that allow inside users to ping hosts on the outside. The first option is to setup a specific rule for each type of echo message. Another option is to configure ICMP inspection.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

you can't ping the far side interface of a pix or asa...ever.

you can ping hosts on the other side of a pix/asa though - just follow the aforementioned link.

(you just have to allow echo-replies from the hosts you're trying to ping).

from an inside host, you should be able to ping the router though, once you allow echo-replies back into the network.

to ping from outside to inside, allow echo's into the network.

abinjola
Cisco Employee
Cisco Employee

you cannot ping indirectly connected interfaces--thats by design

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a0080094874.shtml

Now coming over to your issue..from inside host behind the switch can you ping the default gateway of firewall ? if not then allow permit icmp any any in the outside accesss-group

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: