cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1163
Views
0
Helpful
1
Replies

PIX allow ICMP requests

apaxson
Level 1
Level 1

I have two networks connected together via Frame-Relay. One network has a PIX on it. There is an Access-list bound to the inside interface, which is what the Frame-traffic gets routed to.

Why is it, that I can't ping some systems on the network with the PIX? I can ping some systems, and others I can't.

I have "permit ICMP any any" on my access-list, why am I still getting denied on some IP's?? Any ideas?

Aaron Paxson

1 Reply 1

cjacinto
Cisco Employee
Cisco Employee

If you already have icmp any any, do a logging buffered debugging on the pix and do a show log after you ping to see if the pix is denying it or some other acl on the next hop router. It would be a good practice to do a clear log before you do the test.

Make sure you are also trying to reach hosts that have translation, even specifying in the pix the same address or no translation for the inside hosts.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: