I've been researching this problem for several days now, and have come up totally short in terms of finding a solution. I have a PIX 515 with an internal network range of 10.10.0.0/8 behind it and a single external IP I obtain via DHCP [cable]. I have the PIX inside configured as 10.10.0.1 and I have it using DHCP to obtain an IP for the external address.
Now here's the problem: I can ping the other 10.10.0.0/8 machines
from the PIX, and I can ping outside IPs from the PIX. However, I cannot
get the traffic to route from the internal network through the PIX using
I think I am missing some route command to send all 0 0 traffic from the inside to the outside, but ??
I am still learning so any extra info would be appreciated as well.
the default route is set by the 'setroute' parameter of the 'ip address' command. So that ok.
That nat/global statement also seem ok. Every packets that goes out is hidden by the outside interface address.
You are trying to mix conduits and access-lists. This may cause the problems. Remove the conduit command for the icmp and use only the access-list command. Make sure to bind the access-list to the outside interface:
no conduit permit icmp any any
access-list acl_grp permit icmp any any
access-group acl-grp in interface outside
These lines allow all inbound icmp traffic from the outside to the inside. May be you should narrow it down to only icmp echo replies packets.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :