Cisco Support Community
New Member

2 router and one PIX firewall

In our office we have 2 routers and 1 PIX 515R firewall. I am able to ping and TFTP to the inside router, but I am not able to ping or TFTP to the outside router from any host. Is this because of NATing in the PIX? But I am able to ping the outside router from the PIX.

2 REPLIES
Silver

Re: 2 router and one PIX firewall

Hi,

For inside hosts to ping the outside, certain criteria have to be met. For example:

1- Some form of translation (or no translation) has to be there, e.g. the following statements are required:

nat (inside) 1 0 0

global (outside) 1 interface

2- For ping you need to allow ICMP echo-reply to come back from a low security level interface to a high security level interface, e.g.

access-list 100 permit icmp any any echo-reply

access-group 100 in interface outside

There can be several combinations/variations of the above two requirements.

Oh, and of course you need a default route in your PIX firewall pointing towards your default gateway/outside router.

Thanks

Nadeem Khawaja

New Member

Re: 2 router and one PIX firewall

In PIX we have configured the

Global(outside)1 IP address

Nat (inside)1 0.0.0.0 0.0.0.0

and instead of an access-list we have "conduit permit icmp any any".

And I did not get your last answer about the default gateway of the outside router. Can you please explain it to me with commands?

Thanks for the reply

Nagalakshmi
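
The three requirements from the first reply (a nat/global pair, a return path for ICMP echo-reply, a default route on the outside interface) can be checked against a saved PIX configuration. The script below is an added example, not part of the thread or Cisco's tooling; the sample configuration is constructed, the 192.0.2.x addresses are placeholders, and the `route outside 0.0.0.0 0.0.0.0 <gateway>` form it looks for is an assumption since the thread never shows that command. It also flags `conduit permit icmp any any`, which admits every ICMP type rather than only echo-reply.

```python
import re

# Constructed sample modelled on the second poster's description; the
# 192.0.2.x addresses are documentation placeholders, not values from the thread.
SAMPLE_CONFIG = """\
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.0.2.10
conduit permit icmp any any
"""

ZERO = r"(?:0\.0\.0\.0|0)"


def _ids(pattern, lines):
    """Collect the first capture group from every line the pattern matches."""
    return {m.group(1) for line in lines if (m := re.match(pattern, line))}


def audit_pix_config(text):
    """Return finding codes for the three requirements in the first reply."""
    lines = [l.strip().lower() for l in text.splitlines() if l.strip()]
    findings = []

    # 1. Translation: nat (inside) N needs global (outside) N; id 0 means no translation.
    nat_ids = _ids(r"nat\s*\(inside\)\s*(\d+)\s", lines)
    global_ids = _ids(r"global\s*\(outside\)\s*(\d+)\s", lines)
    if not nat_ids:
        findings.append("no-nat")
    elif (nat_ids - {"0"}) and not (nat_ids & global_ids):
        findings.append("nat-without-global")

    # 2. ICMP return path: prefer an echo-reply-only ACL bound inbound on outside.
    acls = _ids(r"access-list\s+(\S+)\s+permit\s+icmp\s.*\becho-reply$", lines)
    bound = _ids(r"access-group\s+(\S+)\s+in\s+interface\s+outside$", lines)
    conduits = [l for l in lines if re.match(r"conduit\s+permit\s+icmp\s", l)]
    if not (acls & bound):
        if any(re.fullmatch(r"conduit\s+permit\s+icmp\s+any\s+any", l) for l in conduits):
            findings.append("broad-icmp-conduit")  # all ICMP types, not just echo-reply
        elif not conduits:
            findings.append("no-icmp-return")

    # 3. Default route out of the outside interface (assumed `route outside 0 0 <gw>` form).
    if not any(re.match(rf"route\s+outside\s+{ZERO}\s+{ZERO}\s+\S+", l) for l in lines):
        findings.append("no-default-route")
    return findings


if __name__ == "__main__":
    print(audit_pix_config(SAMPLE_CONFIG))
```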
