I want to use this command to let outside access the inside. topology is simple. but I can't ping R1's interface 18.104.22.168 from R2.
anything wrong with the configure? thanks first.
pixfirewall# sh ru
PIX Version 8.0(4)
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
interface Ethernet0<=== connects to R2 the other side is 10.1.1.1
ip address 10.1.1.2 255.255.255.0
interface Ethernet1<=== connects to R1, the other side is 22.214.171.124
ip address 126.96.36.199 255.255.255.0
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
static (inside,outside) 10.1.1.100 188.8.131.52 netmask 255.255.255.255<==== Static
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
prompt hostname context
Solved! Go to Solution.
You would need to configure the following ACL instead:
access-list outside_access_in permit icmp host 10.1.1.1 host 10.1.1.100
access-list outside_access_in in interface outside
Hope that helps.
I just added these two commands. I saw difference. R1 received the ping packets. but R2 shows not getting the replying. Do I need to configure anything from R1 to R2 direction?
I didn't see the policy-map configuration on your current config.
Please kindly add the following:
service-policy global_policy global
Hope that helps.
I did. But the same...
I found I can't ping from R1 to R2 as well and i think this might be the problem. Is there any routing I need to configure in firewall to make it happen?
Shouldn't be any routing issue as it's directly connected to each other.
Please "clear xlate" and "clear arp" on the PIX, and also "clear arp" on both routers.