Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Ping PIX

[R4] --- PIX --- [R1]

I need to configure a static route for 10.1.1.x network on R4 and configure PIX so that R4

can ping 10.1.1.1 (R1). But, the configuration does not seem to work.

R4

!

interface Ethernet0

ip address 20.x.x.x.x.255.0

!

ip route 10.1.1.1 255.255.255.0 20.1.24.254

!

PIX

!

nameif ethernet0 inside security100

nameif ethernet1 outside security0

!

ip address inside 10.1.1.254 255.255.255.0

ip address outside 20.x.x.x.x.255.0

!

static (inside,outside) 20.x.x.x.x.1.1 netmask 255.255.255.255 0 0

access-list MYACLOUT permit ip host 20.1.24.4 host 10.1.1.1

access-group MYACLOUT in interface outside

icmp permit host 20.1.24.4 echo outside

!

icmp deny any outside

icmp deny any inside

!

R1

!

interface Ethernet0

ip address 10.1.1.1 255.255.255.0

!

Ping does not work ?

R4# ping 10.1.1.1

....

6 REPLIES
Purple

Re: Ping PIX

Hi,

Can you try the following config on the PIX:

static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255 0 0

instead of:

static (inside,outside) 20.1.24.4 10.1.1.1 netmask 255.255.255.255 0 0

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: Ping PIX

No, it did not work.

R4#ping 20.1.24.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.24.254, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R4#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R4#

New Member

Re: Ping PIX

No, it did not work.

R4#ping 20.1.24.254

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.24.254, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R4#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R4#

New Member

Re: Ping PIX

the icmp permit host 20.1.24.4 echo outside is allowing the host 20.1.24.2 to ping the pix, not the server that you have the static for. Add ICMP to your access-list and you should be good to go.

access-list MYACLOUT permit icmp any host 20.1.24.4

Hope this helps.

Bronze

Re: Ping PIX

Simple!

Need to have a route back,

Type the following command on R1:

ip route 20.0.0.0 255.0.0.0 10.1.1.254

It should work after that...

All the best.

New Member

Re: Ping PIX

This should get you started:

R4:

no ip route 10.1.1.1 255.255.255.0 20.1.24.254

ip route 10.1.1.0 255.255.255.0 20.1.24.254

PIX:

ip address outside 20.1.24.254 255.255.255.0

no static (inside,outside) 20.x.x.x.x.1.1 netmask 255.255.255.255 0 0

static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0

access-list MYACLOUT permit icmp any any

no access-list MYACLOUT permit ip host 20.1.24.4 host 10.1.1.1

route outside 0.0.0.0 0.0.0.0

149
Views
0
Helpful
6
Replies
CreatePlease to create content