01-29-2008 02:11 AM - edited 03-11-2019 04:54 AM
In my firewall, the interface IP is 172.30.8.17. It is connected to the router F0 IP 172.30.8.18. Interface status is up on both devices, but I am unable to ping from the firewall to 172.30.8.18. Please provide me information about the basic troubleshooting methods.
01-29-2008 02:48 AM
Hi Suresh,
Have you allowed ICMP on the PIX interface?
icmp permit 172.30.18.16 255.255.255.252
01-29-2008 03:07 AM
Hi,
Thanks, but still unable to.
01-29-2008 04:04 AM
Hi Suresh,
My debugging advice is:
1. Enable debug ip icmp on router and debug icmp trace on the firewall. From each device try to ping the other and see if the ICMP echo request/reply reaches it.
2. Traceroute from one device to the other and check which route it takes. Since they are directly connected this should be just one step, but perhaps you have a typo on your subnets or something.
Also, can you ping from the router to the firewall? You seem to imply the problem is only from the firewall to the router and in that case it's definitely an access rule.
HTH,
Paulo
01-29-2008 06:23 AM
Hi Paulo,
Thanks for your response.
1. I have enabled debug but it's showing ICMP echo request only.
2. tracert is also not reaching.
3. Unable to ping both devices from each other.
4. I have not configured any ACL related to these interfaces' IPs. Moreover, as I told you above, the IPs are directly connected to each other: one is on the firewall interface, the other is on the router F0. I have enabled ICMP on the firewall also.
01-29-2008 07:00 AM
Hi,
If you can see the logs:
%PIX-5-106100: access-list acl permitted icmp dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1
Even though both the IPs belong to one interface, pinging from one end to the other, how is it showing what looks like the next interface name? Could you please explain it to me?
01-29-2008 09:01 AM
I don't think it should and maybe that's the problem. Can you post your configuration here?
Paulo
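The two checks this exchange points at, as an added example that is not part of the original thread: it parses the 106100 line quoted above and flags a flow whose source and destination share a subnet yet are logged on different interfaces, and it tests whether an `icmp permit` network covers the peer's address. The function names are hypothetical, the /30 mask is an assumption taken from the `icmp permit` line, and the regex handles only the log format quoted in the thread.

```python
import ipaddress
import re

# Matches the 106100 line as quoted in the thread; other variants are not handled.
LOG_RE = re.compile(
    r"%PIX-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[\d.]+)\(\d+\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[\d.]+)\(\d+\)"
)

def same_subnet(ip_a, ip_b, mask):
    """True when both addresses fall in the same network for the given mask."""
    net_a = ipaddress.ip_network(f"{ip_a}/{mask}", strict=False)
    return ipaddress.ip_address(ip_b) in net_a

def permit_covers(permit_net, mask, peer_ip):
    """True when an 'icmp permit <net> <mask>' entry matches the peer's source address."""
    net = ipaddress.ip_network(f"{permit_net}/{mask}", strict=False)
    return ipaddress.ip_address(peer_ip) in net

def check_flow(line, mask="255.255.255.252"):
    """Return findings for one log line; an empty list means nothing unusual."""
    m = LOG_RE.search(line)
    if m is None:
        return ["unparsed line"]
    f = m.groupdict()
    findings = []
    # Directly connected peers should appear on one interface, not two.
    if f["src_if"] != f["dst_if"] and same_subnet(f["src_ip"], f["dst_ip"], mask):
        findings.append(
            f"{f['src_ip']} and {f['dst_ip']} share a subnet but are logged on "
            f"different interfaces ({f['src_if']} vs {f['dst_if']})"
        )
    return findings

# Values quoted in the thread.
LOG_LINE = ("%PIX-5-106100: access-list acl permitted icmp "
            "dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1")

if __name__ == "__main__":
    for finding in check_flow(LOG_LINE):
        print("FINDING:", finding)
    covered = permit_covers("172.30.18.16", "255.255.255.252", "172.30.8.18")
    print("icmp permit entry covers the router address:", covered)
```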
01-29-2008 11:48 PM
Hi,
Thanks. Kindly find the attached file. To establish connectivity from the 172.31.1.1 host to the inside router network (172.16.59.128/25), I am facing the above difficulties. Traffic flows from some other interface to the vendor interface are going on, but I am unable to ping from the firewall. So please provide me the firewall config for the network diagram and the router routes information to access from vendor (sec lev 30) to inside (sec lev 100).