We currently have a Cisco PIX that connects to our local network and then out to a T1 connection. We added a loadbalancing device that sits between the T1 link and the PIX. I changed the PIX's outside IP address and outside interface default route to fit the configuration change. From on the PIX I can ping out to the Internet. From behind the PIX I cannot ping out to the Internet. I cannot even ping the external PIX interface from a workstation that is behind the PIX (behind the PIX = a workstation on the PIX's LAN). Is there a configuration issue? Is there something that the PIX does by default that I am not aware of?
For the first part of your message, we really do not have enough info to help in pinpointing the issue. Perhaps we can start with your config (please remove all passwords and IP's). As for part 2, it is expected that you would not be able to ping the PIX outside interface from a host on the inside network. Packets must come in an interface and leave an interface in order to be passed by the PIX. The PIX will not route back onto itself. Hope this helps.
It is probably worth mentioning that I have proxyarp disabled. Also, our load balancing device does nat and so does the PIX. It is very odd because it seemsthat traffic does not pass from the PIXs internal network to the external. Also, DMZ traffic will not pass to the outbound interface.
1- the access-list 101 should have an entry for the echo replies
access-list 101 permit icmp any any echo-reply
2- You have a few static defined on the PIX, which are probably translating to public address, hence only these IPs will be allowed to go to the internet, provided you have routes configured for these IPs on your Load Balancer.
3- All other devices besides the one in static will not be able to go intenet unless you configure nat for them.
That is true regarding the access list, I forgot about that. Also the information regarding the static entries is of note. I have been looking at this too long and in the wrong places I think. I will try these and post when I see what results. Thanks!
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...