Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX 501 and ICMP

Hello

I have a new 501 that I have configured with my cable modem. I am using dhcp on the outside int with the ip address outside dhcp setroute command.

Okay I get an address and I can surf. The rest of the config is standard NAT stuff and the rest.

The issue is I can not ping through my firewall even though I can surf. Sounds like an ICMP issue right.

My access-list is as follows

access-list acl_out permit icmp any any

access-group acl_out in interface outside

Pretty basic stuff. My sh logg says I'm getting replies but no go on the inside. I also plugged the ole laptop direct into the cable modem to see if my ISP was filtering ICMP but it all worked out fine. Hummmmm

Sooo.. Does running dhcp on the outside int have an effect on access-lists? I do get an address and gateway. BTW: I can not ping from the PIX console either. Pretty wierd.

Can you help me????

Thanks Mike

3 REPLIES
New Member

Re: PIX 501 and ICMP

I figured it out. It was the IP Audit commands I had in ther for the IDS stuff. Thanks

New Member

Re: PIX 501 and ICMP

Hi Mike,

there's a icmp command in the Pix.

You should add icmp permit any outside or

something like that. Read the docs,

It's in there.

Peter

New Member

Re: PIX 501 and ICMP

Try to add the outside and inside interface.

access-list acl_out permit icmp any any

access-group acl_out in interface outside

access-list acl_in permit icmp any any

access-group acl_in in interface inside

214
Views
0
Helpful
3
Replies
CreatePlease to create content