Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
2
Replies

Cannot ping PIX-515e Interfaces

Go to solution
jfriasbarbosa
Level 1
Level 1

‎06-28-2006 09:12 AM - edited ‎03-09-2019 03:25 PM

I know this is a very silly question for this forum, but I already tried many things and cannot get response from the PIX-Firewall interfaces.

This is my setup (very easy!!):

Using a FastEthernet port on Router I have a cross-over cable connected Directly to the outside I/F of the PIX-515e. (The cross-over cable works, I already tested it). Router <--> PIX Directly connected.

I've configured the PIX firewall to allow pings (I've used different commands):

icmp permit any echo-reply outside

icmp permit any outside

icmp permit <IP> <net-mask> echo-reply outside

I tried configuring each of them and also combined them.

Also tried sending the PIX to its defaults. Supposedly after this the PIX should allow all pings if no "icmp" command is configured.

I configured the ports on both sides to 100 Full

On both sides of the link (PIX and Router) I have the links up. The lights are ON.

The "show int" on the PIX firewall shows up/up

The same on the router...

Both interfaces are configured in

10.1.1.0/24 (10.1.1.1 & 10.1.1.2)

What I'm doing wrong?

this should be very easy...

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chrisbicm
Level 1
Level 1

‎06-28-2006 12:26 PM

Hello,

Majority of the time interfaces will deny ICMP packets explicetly unless you state otherwise. Here is a link to a pretty good configuration guide... take a look at the link to the Pinging Security Appliance Interfaces section in this guide. I got really frustrated myself during the setup/testing phase because pings werent working and this helped. Hope this helps you out a bit and makes your life easier =) (rate if it does please and thanks)

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00805521b6.html#wp1059645

Thanks,

Chris

View solution in original post

0 Helpful
2 Replies 2

Go to solution
chrisbicm
Level 1
Level 1

‎06-28-2006 12:26 PM

Hello,

Majority of the time interfaces will deny ICMP packets explicetly unless you state otherwise. Here is a link to a pretty good configuration guide... take a look at the link to the Pinging Security Appliance Interfaces section in this guide. I got really frustrated myself during the setup/testing phase because pings werent working and this helped. Hope this helps you out a bit and makes your life easier =) (rate if it does please and thanks)

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00805521b6.html#wp1059645

Thanks,

Chris

0 Helpful

Go to solution
grant.maynard
Level 4
Level 4

‎06-29-2006 06:45 AM

ARP entries on both?

I take it there's no ACL on the router?

"debug packet" on pix, "debug ip icmp" on router, then try to ping both ways.

0 Helpful
Customers Also Viewed These Support Documents