10-22-2005 04:52 AM - edited 03-09-2019 12:48 PM
Hi,
I have a Cisco PIX firewall (515E).
I've configured it with:
inside 10.1.1.1 255.255.0.0
dmz 192.168.100.1 255.255.255.0
outside 100.100.85.2
route outside 0.0.0.0 0.0.0.0 100.100.85.1 (internet router)
global (dmz) 1 192.168.100.10-192.168.100.20
global (outside) 1 100.100.85.10-100.100.85.20
nat (inside) 1 10.1.0.0 255.255.0.0
conduit permit icmp any any
conduit permit tcp any any
But when I ping from a host on the inside with IP address 10.1.1.10 to 192.168.100.10 (host on the DMZ), I get a request timeout message.
And when I ping the internet from inside, it works and I get a reply.
Please help me. Emergency.
10-22-2005 05:40 AM
For inside to access DMZ:
no global (dmz) 1 192.168.100.10-192.168.100.20
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
clear xlate
10-27-2005 02:10 PM
The rules you configured allow an internal host to go to the DMZ:
nat (inside) 1 10.1.0.0 255.255.0.0
global (dmz) 1 192.168.100.10-192.168.100.20
The conduit allows you to ping:
conduit permit icmp any any
Why are you not getting a response? In order to get an answer you need to do more troubleshooting.
Check if the packets are making it to the inside interface:
debug packet inside dst 192.168.100.10 proto icmp
Try to ping; if you see the packet, remove the debug and place it on the DMZ:
debug packet dmz dst 192.168.100.10 proto icmp
If you see the requests passing, check the computer's default gateway.
You can use the "debug icmp trace" command as well.
For more info:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1059143
If you don't see the packets, send your configuration so I can check it out.
Franco Zamora
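
An added example (not part of either reply, and not Cisco tooling): a short Python check over the configuration lines posted in the question. It reports whether a real host address, here the ping target 192.168.100.10, falls inside a global pool on the same interface, and lists the conduits that permit any-to-any traffic. The function names are hypothetical.

```python
import ipaddress

# Configuration lines copied from the question (PIX 6.x syntax).
CONFIG = """\
global (dmz) 1 192.168.100.10-192.168.100.20
global (outside) 1 100.100.85.10-100.100.85.20
nat (inside) 1 10.1.0.0 255.255.0.0
conduit permit icmp any any
conduit permit tcp any any
"""

def parse_globals(config):
    """Map interface name -> list of (first, last) address pairs from 'global' lines."""
    pools = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "global":
            first, _, last = parts[3].partition("-")
            try:
                lo = ipaddress.ip_address(first)
                hi = ipaddress.ip_address(last or first)  # single-address global
            except ValueError:  # e.g. "global (outside) 1 interface"
                continue
            pools.setdefault(parts[1].strip("()"), []).append((lo, hi))
    return pools

def pool_conflicts(config, iface, host):
    """Return the global pools on iface whose range contains the real host address."""
    addr = ipaddress.ip_address(host)
    return [f"{lo}-{hi}" for lo, hi in parse_globals(config).get(iface, [])
            if lo <= addr <= hi]

def open_conduits(config):
    """Return conduit lines that permit a protocol from any source to any destination."""
    return [l for l in config.splitlines()
            if l.split()[:2] == ["conduit", "permit"] and l.split()[-2:] == ["any", "any"]]

if __name__ == "__main__":
    print("pool/host overlap on dmz:", pool_conflicts(CONFIG, "dmz", "192.168.100.10"))
    print("any-any conduits:", open_conduits(CONFIG))
```

A pool address can be handed out as the translated source of an inside host, so it should not also be assigned to a machine on that interface. The any-to-any conduits are worth narrowing once connectivity is confirmed.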