Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cant PING inside int address of PIX, Please Help

I cannot ping the inside interface of my PIX, I have connected the ethernet1 inside interface directly to a PC via a cross over cable. I have configured the IP address of the inside to 192.168.1.1 and of the PC 192.168.1.2.

The duplex and speed of the PIX is set at auto. The secutity level of the inside is still at its default of 100. This is a brand new PIX firewall. I should not have to do anything to ping the inside interface of the PIX from a PC that is directly connected to the PIX? The interface of the PIX is up and the line protocol is up.

The pix ios version 6.22 and model is a Cisco Secure 525.

I appreciate any responses,

Thank YOU,

3 REPLIES
Bronze

Re: Cant PING inside int address of PIX, Please Help

Hi,

Try this....

access-list inside_out permit icmp any any echo

access-list inside_out permit ip any any

!

access-group inside_out in interface inside

Here's a link...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Hope that helps....

Re: Cant PING inside int address of PIX, Please Help

Try

ICMP PERMIT ANY INSIDE

ALSO

ICMP PERMIT ANY OUTSIDE

Will allow you to ping the outside if from outside (do not recomend that)

Re: Cant PING inside int address of PIX, Please Help

Folks,

*Please, please* with issues like this, *always* start small and build up. For instance, if you do a 'sh int' what do you see for a status on your inside interface? Up/Up, Up/Down, Administratively Down, etc.. If Up/Up, do a 'sh arp'. Do you see an ARP entry for the PC? Display the ARP table on the PC. Do you see an entry for the PIX inside interface?

You do not need to create an ACL to permit ICMP TO the PIX. Remember, ACL's only affect (effect) transit traffic THROUGH the PIX and not TO the PIX. ICMP has been permitted by default to a PIX interface for as long as I can remember so the above are not necessary.

Hope this helps.

Scott

95
Views
5
Helpful
3
Replies
CreatePlease login to create content