Cisco Support Community
New Member

Inside users access

Hi,

All the inside users can't ping the PIX outside interface or the router's interface. But they are able to telnet to the router and PIX, and access the web also. What have I missed?

4 REPLIES
New Member

Re: Inside users access

Probably the 'icmp permit' command. This is separate from the access list commands.

New Member

Re: Inside users access

I am assuming you do not have an access-list that denies icmp messages on the inside interface. If this is the case, the PIX by default will allow inside hosts (based upon the nat command) to ping through the PIX. However, by default the outside interface will not allow the reply back inside unless you implicitly allow this. If you are using access-lists, then enter the following commands on your outside interface:

access-list outside permit icmp any any echo-reply

access-list outside permit icmp any any source-quench

access-list outside permit icmp any any unreachable

access-list outside permit icmp any any time-exceeded

New Member

Re: Inside users access

OK, I will try. My nat command is

nat (inside) 1 0 0

then

global (outside) 1 interface

So all the inside users are translated into the PIX outside IP. Do I need to assign a separate global IP in the global command, like say, global (outside) global ip and mask?

New Member

Re: Inside users access

FYI.

Careful when doing translations all to 1. This is called PAT (Port Address Translation), a form of NAT. I am doing the same thing even though they say it doesn't work well with multimedia applications, since PAT differentiates by port.

10.10.10.1 = 172.16.10.1:6000

10.10.10.2 = 172.16.10.1:6001

10.10.10.3 = 172.16.10.1:6002
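
The port mapping sketched in the last reply, as an added example that is not part of the original thread: a simplified Python model of a PAT table showing how return traffic is matched by port and why an inbound packet to a port no inside host opened has nowhere to go. The class name, the inside source port 1025 and the sequential allocation from port 6000 are assumptions for illustration; a real PIX allocates ports differently.

```python
"""Simplified model of PAT: many inside hosts share one outside IP."""
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class PatTable:
    def __init__(self, global_ip: str, first_port: int = 6000) -> None:
        self.global_ip = global_ip
        self.next_port = first_port          # assumed sequential allocation
        self.out: Dict[Endpoint, int] = {}   # inside (ip, port) -> global port
        self.back: Dict[int, Endpoint] = {}  # global port -> inside (ip, port)

    def translate_outbound(self, src: Endpoint) -> Endpoint:
        """Rewrite an inside source; allocate a global port on first use."""
        if src not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[src] = port
            self.back[port] = src
        return (self.global_ip, self.out[src])

    def translate_inbound(self, dst_port: int) -> Optional[Endpoint]:
        """Map a packet arriving on the global IP back to an inside host.

        Returns None when no inside host created a translation for that
        port, which is the case for unsolicited inbound connections.
        """
        return self.back.get(dst_port)


def demo() -> Tuple[List[Endpoint], Optional[Endpoint], Optional[Endpoint]]:
    pat = PatTable("172.16.10.1")
    # Constructed sample: three inside hosts using the same source port.
    hosts = [("10.10.10.1", 1025), ("10.10.10.2", 1025), ("10.10.10.3", 1025)]
    mapped = [pat.translate_outbound(h) for h in hosts]
    reply = pat.translate_inbound(6001)        # return traffic for host .2
    unsolicited = pat.translate_inbound(6010)  # no translation exists
    return mapped, reply, unsolicited


if __name__ == "__main__":
    mapped, reply, unsolicited = demo()
    for m in mapped:
        print("outbound ->", m)
    print("reply to :6001 ->", reply)
    print("unsolicited :6010 ->", unsolicited)
```
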
