
New Member

Can’t permit ping between two interfaces

Dear,

I have a PIX Firewall 525 with image version 6.2.2. I permitted ICMP connections, but it doesn’t work.

4 REPLIES

Re: Can’t permit ping between two interfaces

Do you have nat/global/static commands plus the conduit/ACLs set up? Who is pinging who, i.e. low security interface to high security interface or in reverse? Are you pinging the interface or a host/device?

Does 'show log' show anything getting blocked, or that it can't create an xlate? Can you do a 'debug icmp trace'?

Steve

New Member

Re: Can’t permit ping between two interfaces

I have NAT between inside and outside.

I configured a conduit and a permit ACL to allow the ICMP protocol, but it does not work.

I ping the host, device and interface.

..............................................................................................................

Ping output:

E:\>ping 212.12.159.5 -t

Pinging 212.12.159.5 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

..................................................................................................................

The debug icmp trace output:

75: Inbound ICMP echo reply (len 32 id 2 seq 6144) 212.12.159.5> 212.12.0.12 > 192.168.45.5

.................................................................................................................

Request timed out.

New Member

Re: Can’t permit ping between two interfaces

For troubleshooting purposes, allow ICMP on all interfaces:

conduit permit icmp any any

Then ping again. Make sure that the access-lists are removed first, since they take precedence over conduits when they are both configured.

Re: Can’t permit ping between two interfaces

The PIX is sending the echo and getting the reply back and translating it. Is it translating it to the correct source host (i.e. 192.168.45.5)? Does the PIX have a route to 192.168.45.x? If yes to both, I would post your config (minus passwd/IPs). And I would drop the conduits and only go with the ACLs.

Steve
