Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX allow ICMP requests

I have two networks connected together via Frame-Relay. One network has a PIX on it. There is an Access-list bound to the inside interface, which is what the Frame-traffic gets routed to.

Why is it, that I can't ping some systems on the network with the PIX? I can ping some systems, and others I can't.

I have "permit ICMP any any" on my access-list, why am I still getting denied on some IP's?? Any ideas?

Aaron Paxson

Cisco Employee

Re: PIX allow ICMP requests

If you already have icmp any any, do a logging buffered debugging on the pix and do a show log after you ping to see if the pix is denying it or some other acl on the next hop router. It would be a good practice to do a clear log before you do the test.

Make sure you are also trying to reach hosts that have translation, even specifying in the pix the same address or no translation for the inside hosts.

CreatePlease to create content