Inside users access

rajankumaresan
Level 1

Hi,

All the inside users can't ping the PIX outside interface or the router's interface. But they are able to telnet to the router and the PIX, and access the web also. What have I missed out?


rrbleeker
Level 1

Probably the 'icmp permit' command. This is separate from the access list commands.

mike-banks
Level 1

I am assuming you do not have an access-list that denies ICMP messages on the inside interface. If this is the case, the PIX by default will allow inside hosts (based upon the nat command) to ping through the PIX. However, by default the outside interface will not allow the reply back inside unless you implicitly allow this. If you are using access-lists, then enter the following commands on your outside interface:

access-list outside permit icmp any any echo-reply

access-list outside permit icmp any any source-quench

access-list outside permit icmp any any unreachable

access-list outside permit icmp any any time-exceeded
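
The effect of the four entries above on inbound ICMP can be checked with a small first-match model. This is an added example, not part of the original reply and not Cisco code; `BROAD_ACL` and the function names are constructed here for contrast, and the model covers only `icmp any any` entries.

```python
# Simplified model, constructed for illustration: an inbound ACL is checked
# top-down, the first matching entry wins, and a packet that matches no entry
# is dropped by the implicit deny at the end of the list.

# ICMP type numbers (RFC 792) behind the ACL keywords.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "source-quench": 4,
              "echo": 8, "time-exceeded": 11}

# The four entries from the reply above.
THREAD_ACL = """
access-list outside permit icmp any any echo-reply
access-list outside permit icmp any any source-quench
access-list outside permit icmp any any unreachable
access-list outside permit icmp any any time-exceeded
"""

# Constructed contrast: one entry with no ICMP type matches every type.
BROAD_ACL = "access-list outside permit icmp any any"


def parse_acl(text):
    """Parse 'access-list <name> permit|deny icmp any any [type]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if (len(tok) not in (6, 7) or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny")
                or tok[3:6] != ["icmp", "any", "any"]):
            raise ValueError(f"unsupported ACL line: {line!r}")
        icmp_type = ICMP_TYPES[tok[6]] if len(tok) == 7 else None  # None = any type
        entries.append((tok[2], icmp_type))
    return entries


def evaluate(entries, icmp_type):
    """Return 'permit' or 'deny' for an inbound ICMP packet of this type."""
    for action, match_type in entries:
        if match_type is None or match_type == icmp_type:
            return action
    return "deny"  # implicit deny: nothing matched


def decisions(acl_text):
    """Map every modelled ICMP keyword to the ACL's verdict."""
    entries = parse_acl(acl_text)
    return {name: evaluate(entries, num) for name, num in ICMP_TYPES.items()}


if __name__ == "__main__":
    for label, acl in (("thread ACL", THREAD_ACL), ("broad ACL", BROAD_ACL)):
        print(label, decisions(acl))
```

With the thread's entries, replies and error messages for inside-initiated traffic are permitted while inbound echo requests still fall through to the implicit deny; the broad entry would permit those as well. On the PIX itself the list takes effect only once it is bound to the outside interface with `access-group`.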

OK, I will try. My NAT commands are:

nat (inside) 1 0 0

then

global (outside) 1 interface

So all the inside users are translated to the PIX outside IP. Do I need to assign a separate global IP in the global command, like say: global (outside) global ip and mask?

c.appe
Level 1

FYI.

Careful when doing translations all to 1. This is called PAT (Port Address Translation), a form of NAT. I am doing the same thing even though they say it doesn't work well with multimedia applications since PAT differentiates by port.

10.10.10.1 = 172.16.10.1:6000

10.10.10.2 = 172.16.10.1:6001

10.10.10.3 = 172.16.10.1:6002
