Re: ping from inside interface not working

dradhika · ‎11-07-2006

Hi,

I am using pix7.0 device

ping x.x.x.x is working fine, but if I am trying to ping from inside interface ping fails

vpn-f1# ping outside x.x.x.x

Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

"outside" is my inside interface.

Would be great if I get any help.

TIA,

Radhika

Sureshdank · ‎11-07-2006

What is the security value you have given to your interfaces and what are the interfaces configured on your pix.

amit-singh · ‎11-07-2006

Radhika,

Send me your Pix config.

-amit singh

mahmoodmkl · ‎11-07-2006

Hi

As u have mentioned that outside is u r inside interface i think there is problem with the security level on the interface.

Thanks

Mahmood

dradhika · ‎11-08-2006

Hi,

attaching my config

Thanks,

Radhika

Sureshdank · ‎11-08-2006

After seeing the confiuration, I think the problem is with routing. If you are trying to ping some server in Internet, the it wont, because the default route is towards inside interface not outside interface.

Try to add route outside 0 0 x.x.x.x 1 and then ping.

HTH

Regards,

Suresh Jain

dradhika · ‎11-08-2006

Hi Suresh,

Pix's Inside interface is actually the outside interface. So I think the default route is correct.

To add some information , ping from the devices on inside network is also working.

Seems problem is only when I try to ping from the device.

Thanks,

Radhika

Endwigast · ‎11-08-2006

just to clarify - when you try to ping x.x.x.x from the inside network it works but when you try to ping x.x.x.x from the firewall it doesn't work?

dradhika · ‎11-08-2006

yes

Endwigast · ‎11-08-2006

can you enable debug icmp on the firewall then do a ping from the firewall then paste it here. that will show us what's happening of the firewall when you do a ping. also can you install a analogx packetmon on the workstation you are trying to ping so it could capture if the workstation is seeing any packets coming in. paste the result here also. if what you're trying to ping is a network equipment just enable icmp debug then paste the result here.

dradhika · ‎11-08-2006

Hi,

I don't see any debug message even though I enabled it.

xxxx(config)# ping outside x.x.x.x

Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:

?????

Success rate is 0 percent (0/5)

Thanks,

Radhika

Sureshdank · ‎11-08-2006

Radhika,

There is no natting being done in your configuration. If you connected your inside interface which you are using as outside to internet then you wont be able to ping.

HTH

Regards,

Suresh Jain

danielmassey · ‎11-08-2006

Hi,

Add a Access list with ICMP Permit any any and implement it in both Insid and Outside interface.

Hope this will help.

Regards

Danny

danielmassey · ‎11-08-2006

Hey,

Please i didnt checked the configuration you have attached. Without NAT Acl wont work in PIX. Please ignore the previous update.

Regards

Danny

dradhika · ‎11-08-2006

Hi Danny/Suresh,

I did no nat as below.

access-list nonat extended permit ip any any

nat (outside) 0 access-list nonat

seems no use.

Thanks,

Radhika