Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to Ping from an Inside Host to DMZ Webservers

icmp deny any outside

icmp permit any inside

icmp permit any dmz

The above statements are configured on my PIX

is there anything else I need to enable Ping from my PC to a web server on the DMZ?

2 REPLIES
Cisco Employee

Re: Unable to Ping from an Inside Host to DMZ Webservers

The "icmp" commands only affect traffic TO the PIX itself, not THROUGH it. By default the PIX will only open holes for return traffic for TCP/UDP based traffic, not ICMP. To get it to allow your return ICMP packets back in you have to turn on ICMP inspection. Use the:

inspect icmp

inspect icmp error

under your global service-policy.

New Member

Re: Unable to Ping from an Inside Host to DMZ Webservers

Thanks for your help, I'll give it a try.

124
Views
0
Helpful
2
Replies