Cisco Support Community
New Member

Problem in pix515 with ios7.2(3)

Actually, I can ping from inside to outside with IP 192.168.101.11, but can't ping from IP 192.168.101.123. I have also posted the running config. Please reply back ASAP.

thanks

3 REPLIES
New Member

Re: Problem in pix515 with ios7.2(3)

This is because you have an Access-list set INBOUND on your inside interface and you do not have a permit statement to allow traffic to the address (192.168.101.123). You need to add the IP address or an Object group that it is listed in to the "inside_access_in" access-list.

Example

access-list inside_access_in extended permit ip object-group MailDNS object-group xxxxx

access-list inside_access_in extended permit ip host 192.168.101.123 object-group xxxxx

access-list inside_access_in extended permit ip object-group MailDNS1 host xxxxx

You will need to do this because the way your access-list reads you will block all IP traffic that is not implicitly allowed BEFORE you allow ICMP from any to any. So you will need to allow IP traffic from that address first or you will need to change the position of your two lines....

access-list inside_access_in extended deny ip any any

access-list inside_access_in extended permit icmp any any

to be....

access-list inside_access_in extended permit icmp any any

access-list inside_access_in extended deny ip any any
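
The first-match ordering described in the reply above, as an added example that is not part of the original thread: a small evaluator that walks an access-list top to bottom and flags entries that can never match. The rule lists are constructed for illustration; the explicit permit for 192.168.101.11 is an assumption, since the poster's running config is not shown on the page.

```python
import ipaddress

# Constructed ACL (assumption): entries are (action, protocol, source network),
# destination is "any" throughout. Order matches the reply: deny before ICMP permit.
ACL_BEFORE = [
    ("permit", "ip", "192.168.101.11/32"),
    ("deny", "ip", "0.0.0.0/0"),
    ("permit", "icmp", "0.0.0.0/0"),
]
# Same entries with the last two lines swapped, as the reply suggests.
ACL_AFTER = [ACL_BEFORE[0], ACL_BEFORE[2], ACL_BEFORE[1]]


def covers(rule_proto, other_proto):
    # "ip" in an entry matches every IP protocol, including ICMP.
    return rule_proto == "ip" or rule_proto == other_proto


def evaluate(acl, proto, src):
    """Return (action, line_number) of the first entry that matches."""
    addr = ipaddress.ip_address(src)
    for line, (action, rule_proto, net) in enumerate(acl, 1):
        if covers(rule_proto, proto) and addr in ipaddress.ip_network(net):
            return action, line
    return "deny", None  # implicit deny at the end of every access-list


def shadowed(acl):
    """Line numbers of entries fully covered by an earlier entry (never reached)."""
    dead = []
    for i, (_, proto, net) in enumerate(acl):
        network = ipaddress.ip_network(net)
        for _, earlier_proto, earlier_net in acl[:i]:
            if covers(earlier_proto, proto) and network.subnet_of(
                ipaddress.ip_network(earlier_net)
            ):
                dead.append(i + 1)
                break
    return dead


if __name__ == "__main__":
    for name, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(name, "shadowed lines:", shadowed(acl))
        for host in ("192.168.101.11", "192.168.101.123"):
            print("  icmp from", host, "->", evaluate(acl, "icmp", host))
```
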

New Member

Re: Problem in pix515 with ios7.2(3)

After the modification (according to you), it is still not working, meaning IP x.x.x.123 is still not working, but the other IP is working fine. Please reply ASAP.

New Member

Re: Problem in pix515 with ios7.2(3)

Did you add it to the object group and put the object group in your INBOUND IN access list? Or did you just add an entry for it alone?
