Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1687
Views
0
Helpful
1
Replies

PIX 515 won't Ping

chonet4444
Level 1
Level 1

‎10-31-2001 12:15 PM - edited ‎02-20-2020 09:53 PM

I've setup a PIX 515UR as follows:

Internet--Proxy--Hub---PIX515UR---HUB---Host.

I can't ping from the host to the Proxy. I also can't ping from the Proxy to the host. I believe I've correctly set the access-lists and access-groups according to the documentation. I can Ping the outside and inside interfaces from the outside and inside, but I cannot Ping through the 515UR.

Building configuration...

: Saved

:

PIX Version 6.1(1)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 intf2 security10

nameif ethernet3 intf3 security15

nameif ethernet4 intf4 security20

nameif ethernet5 intf5 security25

enable password b1bl7I8rH9BR1W9D encrypted

passwd yruhere99yruhere encrypted

hostname xxxxxxxxx

domain-name xxxxxxx.com

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list ping_acl permit icmp any any

pager lines 24

logging buffered debugging

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto shutdown

interface ethernet3 auto shutdown

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

icmp permit any echo-reply outside

icmp permit any echo-reply inside

mtu outside 1500

mtu inside 1500

mtu intf2 1500

mtu intf3 1500

mtu intf4 1500

mtu intf5 1500

ip address outside 192.168.1.104 255.255.255.0

ip address inside xxx.xxx.14.1 255.255.255.xxx

ip address intf2 127.0.0.1 255.255.255.255

ip address intf3 127.0.0.1 255.255.255.255

ip address intf4 127.0.0.1 255.255.255.255

ip address intf5 127.0.0.1 255.255.255.255

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

failover ip address outside 0.0.0.0

failover ip address inside 0.0.0.0

failover ip address intf2 0.0.0.0

failover ip address intf3 0.0.0.0

failover ip address intf4 0.0.0.0

failover ip address intf5 0.0.0.0

pdm history enable

arp timeout 14400

nat (inside) 0 xxx.xxx.14.0 255.255.255.0 0 0

static (inside,outside) xxx.xxx.14.0 161.157.14.0 netmask 255.255.255.xxx 0 0

access-group ping_acl in interface outside

access-group ping_acl in interface inside

conduit permit tcp any any

route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http xxx.xxx.xxx.13 255.255.255.255 inside

http xxx.xxx.xxx.13 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:57e9beab1b2643898e2ff8c71d41726c

: end

[OK]

0 Helpful
1 Reply 1

jgmitter
Level 4
Level 4

‎10-31-2001 05:15 PM

access-list acl_out permit icmp any any

access-list acl_out permit icmp any any echo-reply

access-list acl_out permit icmp any any unreachable

access-list acl_out permit icmp any any time-exceeded

dont need to apply the statement to the inside interface, remeber there is an implict deny after a permit statement!! You will be able to ping from the inside host but not from the outside in! hope this helps!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card