Re: Can’t permit Ping between two interface

aymandcp · ‎02-19-2003

Dear

I have Pix Firewall 525 & image ver 6.2.2 , I permit ICMP connection but don’t work .

steve.barlow · ‎02-19-2003

Do you have nat/global/static commands plus the conduit/acls set-up? Who is pinging who - ie low security interface to high security interface or in reverse? Are you pinging the interface or a host/device?

Does 'show log' show anything getting blocked or can't create an xlate? Can you do a 'debug icmp trace'

Steve

aymandcp · ‎02-19-2003

I have nat between inside and outside ,

I config conduit and permit ACL to access icmp protocal but not work.

I ping Host , device and interfce

..............................................................................................................

Ping out put :

E:\>ping 212.12.159.5 -t

Pinging 212.12.159.5 with 32 bytes of data:

Request timed out.

..................................................................................................................

the debug icmp trace out put :

75: Inbound ICMP echo reply (len 32 id 2 seq 6144) 212.12.159.5> 212.12.0.12 > 192.168.45.5

.................................................................................................................

Request timed out.

cocoy · ‎02-19-2003

for troubleshooting purposes, allow icmp on all interfaces:

conduit permit icmp any any

Then ping again. make sure that the access-lists is removed first since they take precedence over conduits when they are both configured.

steve.barlow · ‎02-20-2003

The PIX is sending the echo and getting the reply back and translating it. Is it translating it to the correct source host (ie 192.168.45.5)? Does the PIX have a route to 192.168.45.x? If yes to both I would post your config (minus passwd/IPs). And I would drop the conduits and only go with the acl's.

Steve

Cant permit Ping between two interface

Cant permit Ping between two interface