Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX 515E - Ping Urgent

Hi,

Pls find the attached diagram.

the requirement is:

1. inside servers should ping pix inside,dmz,outside interface.

2.the server in pix dmz should be able to ping pix dmz,inside,outside interface and all servers inside.

3. from ISA i should be able to ping pix inside,dmz,outside interface and all servers inside.

Pls advice how to configure PIX using version 6.3(4) and 7.0

Regards,

Prashanth

2 REPLIES
Gold

Re: PIX 515E - Ping Urgent

just a quick comment.

by default, any host connected to a pix interface can ping that particular interface only. e.g. inside host can ping pix inside interface; or dmz host can ping pix dmz interface. as far as i know, there is no workaround.

Community Member

Re: PIX 515E - Ping Urgent

Hi,

First of all, PIX doesnt allow ping across its interfaces (i.e. inside subnet cant ping the DMZ or the outside interfaces of the PIX). But in order to allow a subnet to ping the interface it's directly connected to, apply: "permit icmp any " command.

In order for subnets connected to different interfaces to ping each other, you need to make sure that address tranlsation is configured properly. For example, in order for the DMZ subnet hosts to ping internal servers, you might need to apply: static (inside,dmz) netmask in order for the internal subnet to be self-translated to DMZ.

Please let me know how things go with you.

Best regards,

Haitham

157
Views
0
Helpful
2
Replies
CreatePlease to create content