Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Are Natted IP addresses pingable from outside on PIX 525/ version 6.1???

Gents,

I mean once inside private IP addresses are translated to global address.cud anyone ping those ip address (global one)from Internet.I have enabled

conduit permit icmp any any (Is this the reason or PIX sud have done this by default)

2- why and at what point NATing Traslation takes place specially when I am using proxyserver.To me only Proxyserver IP sud be translated to global since all users connect to proxy which points to PIX .

when I see

Sh xlate

it shows all inside addresses translated to global ??

Rgds

3 REPLIES
Cisco Employee

Re: Are Natted IP addresses pingable from outside on PIX 525/ ve

If you have a condiut/ACL allowing ICMP thru, then yes, all your inside hosts that have a static associated with them will be pingable.

NAT'ing takes place in between the packet entering the inside interface and before the PIX sends it out teh outside interface. If your "sho xlate" shows all of your internal addresses, that's because that's what the PIX is seeing in the packets that enter it.

New Member

Re: Are Natted IP addresses pingable from outside on PIX 525/ ve

Thanx Sir,

It silenced me 99%. my fear was why user IP packets are reaching to PIX when there is a proxy server (for http traffic) and a layer 3 switch before PIX.

But Nobody from outside can access global IP unless I statically map and then give access thru conduit/acl ?? is it right ??

Cisco Employee

Re: Are Natted IP addresses pingable from outside on PIX 525/ ve

Correct.

154
Views
0
Helpful
3
Replies
CreatePlease login to create content