06-26-2007 08:15 AM - edited 03-11-2019 03:35 AM
I configured a pix 515. users in the lan can ping machine on the internet but cannot load any internet pages. pc on the lan have the right dns server.
please how can i resolv the dns problem ?
Solved! Go to Solution.
06-27-2007 04:51 AM
no access-list ping_acl permit icmp any any
no access-group ping_acl in interface inside
You do not need this acl to allow ping from the inside interface. Removing this acl will solve your dns problems etc. If you want to ping to the outside you only need to allow the reply in the outside interface acl like so...
access-list acl_out permit icmp any any echo-reply
Please rate if this helps.
06-26-2007 08:37 AM
Is there an acl on the inside interface?
06-27-2007 12:23 AM
06-27-2007 12:32 AM
Hello.
The ping_acl is your problem.
You will need to add a line allowing users port 80 connections out (there maybe other ports required also)
Tim
06-27-2007 12:45 AM
ok,
addind a line like with an acl? how ?
access-list out_acl permit tcp inside-network any eq 80
is it correct ?
Regards
06-26-2007 11:52 PM
Is it possible to see a configuration?
06-27-2007 12:25 AM
06-27-2007 04:51 AM
no access-list ping_acl permit icmp any any
no access-group ping_acl in interface inside
You do not need this acl to allow ping from the inside interface. Removing this acl will solve your dns problems etc. If you want to ping to the outside you only need to allow the reply in the outside interface acl like so...
access-list acl_out permit icmp any any echo-reply
Please rate if this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide