02-05-2008 12:15 AM - edited 03-11-2019 04:59 AM
Hi all,
We are using 1 PIX 506E, 1 2611 router, and 1 3560-L3 switch. Now I want to forward traffic from the switch to the PIX and then from the PIX to the router. I have connected the PIX and the switch through 10.xx.xx.xx series IPs and the PIX to the router through 192.168.xx.xx series IPs. From a host or the switch I am able to ping the PIX's inside interface but not the outside interface. From the router I can also ping the PIX's outside IP but not the inside IP. Please help us with this ASAP. It's very urgent.
02-12-2008 06:49 AM
There are two options in PIX 7.x that allow inside users to ping hosts on the outside. The first option is to set up a specific rule for each type of echo message. Another option is to configure ICMP inspection.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml
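The two options named in the reply above, written out in PIX 7.x syntax as an added example (not configuration taken from the thread or the linked tech note). The ACL name outside_in and the interface name outside are assumptions; global_policy and inspection_default are the default policy-map and class names in 7.x.

```cisco
! Option 1: one ACL entry per ICMP message type, applied inbound on the
! outside interface. Only return messages are permitted; echo requests
! from the outside are still dropped.
! "outside_in" is an assumed ACL name.
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended permit icmp any any time-exceeded
access-list outside_in extended permit icmp any any unreachable
access-group outside_in in interface outside
!
! These entries are stateless: an echo-reply from any outside source is
! accepted whether or not an inside host sent a matching request.
!
! Option 2: ICMP inspection. The firewall tracks each outbound echo
! request and admits only the matching reply, so no inbound ICMP ACL
! entry is needed for pings started from the inside.
policy-map global_policy
 class inspection_default
  inspect icmp
!
! For comparison, the broad form below admits every ICMP type from any
! outside source, including unsolicited echo requests:
!   access-list outside_in extended permit icmp any any
!
! Verification from the PIX console (assumed ACL name as above):
!   show access-list outside_in
!   show service-policy
```

Hit counters in show access-list outside_in increase only under Option 1; under Option 2, show service-policy reports the packets handled by the ICMP inspection engine.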
02-12-2008 07:37 AM
You can't ping the far side interface of a PIX or ASA...ever.
You can ping hosts on the other side of a PIX/ASA though - just follow the aforementioned link.
(You just have to allow echo-replies from the hosts you're trying to ping.)
From an inside host, you should be able to ping the router though, once you allow echo-replies back into the network.
To ping from outside to inside, allow echoes into the network.
02-12-2008 07:36 AM
You cannot ping indirectly connected interfaces; that's by design.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item09186a0080094874.shtml
Now, coming to your issue: from an inside host behind the switch, can you ping the default gateway of the firewall? If not, then allow permit icmp any any in the outside access-group.