Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
0
Helpful
3
Replies

pix 515E

barry-goldberg
Level 1
Level 1

‎11-03-2005 08:24 AM - edited ‎02-21-2020 12:30 AM

Hi,

I have pix 515E for some reason I can't ping non interfaces nor inside to outside and nor outside to inside. any suggestions?

Help needed

0 Helpful
3 Replies 3

thisisshanky
Level 11
Level 11

‎11-03-2005 09:30 AM

Are the interface in "up" state ?

sh int e0

sh int e1

int e0 auto

int e1 auto

ip address inside <> <>

ip address outside <> <>

ping

See if that helps.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus
0 Helpful

Patrick Iseli
Level 7
Level 7
In response to thisisshanky

‎11-03-2005 09:43 AM

Ping is not a stateful protocol. To allow pings from the inside to the outside interface you need to create an access-list. If you want to ping the same interface that you are physicly connected you need to configure the "icmp" command.

example:

See: Handling ICMP Pings with the PIX Firewall

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

The PIX and the traceroute Command

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800e9312.shtml

examples:

Traveroute

Microsoft:

access-group 101 in interface outside

access-list 101 permit icmp any host YourPublicIP unreachable

access-list 101 permit icmp any host YourPublicIP time-exceeded

access-list 101 permit icmp any host YourPublicIP echo-reply

UNIX:

access-group 101 in interface outside

access-list 101 permit icmp any host YourPublicIP unreachable

access-list 101 permit icmp any host YourPublicIP time-exceeded

ICMP command example

icmp deny any outside

icmp permit any echo-reply outside

icmp permit any echo-reply inside

icmp permit host 192.168.1.30 echo inside

icmp permit host 192.168.1.31 echo inside

icmp permit host 192.168.1.20 echo inside

icmp permit host 192.168.1.40 echo inside

icmp permit host 192.168.1.100 echo inside

sincerely

Patrick

0 Helpful

barry-goldberg
Level 1
Level 1
In response to thisisshanky

‎11-03-2005 02:06 PM

yes, they are up and running

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card