02-19-2003 02:48 AM - edited 03-09-2019 02:08 AM
Dear,
I have a PIX Firewall 525 with image version 6.2.2. I permit ICMP connections, but it doesn't work.
02-19-2003 08:22 AM
Do you have nat/global/static commands plus the conduit/ACLs set up? Who is pinging who, i.e. low security interface to high security interface or in reverse? Are you pinging the interface or a host/device?
Does 'show log' show anything getting blocked or can't create an xlate? Can you do a 'debug icmp trace'?
Steve
02-19-2003 09:37 PM
I have NAT between inside and outside.
I configured a conduit and a permit ACL to allow the ICMP protocol, but it does not work.
I ping the host, device and interface.
..............................................................................................................
Ping output:
E:\>ping 212.12.159.5 -t
Pinging 212.12.159.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
..................................................................................................................
The debug icmp trace output:
75: Inbound ICMP echo reply (len 32 id 2 seq 6144) 212.12.159.5> 212.12.0.12 > 192.168.45.5
.................................................................................................................
Request timed out.
02-19-2003 10:54 PM
For troubleshooting purposes, allow ICMP on all interfaces:
conduit permit icmp any any
Then ping again. Make sure that the access-lists are removed first, since they take precedence over conduits when they are both configured.
02-20-2003 05:36 AM
The PIX is sending the echo and getting the reply back and translating it. Is it translating it to the correct source host (i.e. 192.168.45.5)? Does the PIX have a route to 192.168.45.x? If yes to both, I would post your config (minus passwd/IPs). And I would drop the conduits and only go with the ACLs.
Steve