Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

unable to ping firewall int other end

in my firewall interface ip is 172.30.8.17..it is connected to the router f0 ip 172.30.8.18..interface status r up in both the devices.but unable to ping from firewall to 172.30.8.18..please provide me information abt the basic troubleshooting methods

7 REPLIES
New Member

Re: unable to ping firewall int other end

Hi Suresh,

Have you allowed ICMP on the PIX interface?

icmp permit 172.30.18.16 255.255.255.252

New Member

Re: unable to ping firewall int other end

Hi,

Thanks. but still unable to ..

New Member

Re: unable to ping firewall int other end

Hi Suresh,

My debug advices are:

1. Enable debug ip icmp on router and debug icmp trace on the firewall. From each device try to ping the other and see if the ICMP echo request/reply reaches it.

2. Traceroute from one device to the other and check which route it takes. Since they are directly connected this should be just one step, but perhaps you have a typo on your subnets or something.

Also, can you ping from the router to the firewall? You seem to imply the problem is only from the firewall to the router and in that case it's definitely an access rule.

HTH,

Paulo

New Member

Re: unable to ping firewall int other end

Hi Paulo,

Thanks for ur response.

1.I have enabled Debug but its showing ICMP echo request only

2.tracert also not reaching

3.unble to ping both the devices each other.

4.i have not configured any acl related to these interfaces ip's.moreover as i told u above the ip's are directly connected each other one is in firewall interface other is in router F0.I have enabled icmp in firewall also..

New Member

Re: unable to ping firewall int other end

Hi,

If u can see the logs

%PIX-5-106100: access-list acl permitted icmp dmz1/172.30.8.18(0) -> dmz2/172.30.8.17(0) hit-cnt 1

Eventhought both the ip's are belongs to one interface pinging from one end other..how it is showing next like next interce name.could u plz explain me?

New Member

Re: unable to ping firewall int other end

I don't think it should and maybe that's the problem. Can you post your configuration here?

Paulo

New Member

Re: unable to ping firewall int other end

Hi,

Thanks.Kindly find the attached file.To establish the connectivity from 172.31.1.1 host to inside router network(172.16.59.128/25)am facing the above difficulties..but from some other interface to vendor interface traffic flows are going on but unable to ping from firewall. so please provide me the firewall config for the n\w diagram and router routes information to access from(Vendor(sec lev 30) to inside(sec lev 100)).

189
Views
0
Helpful
7
Replies