Cisco Support Community
Community Member

PIX vpn Question

I have some VPN tunnels set up between a few PIX boxes, and everything works great with the following exception. I can't ping the inside interface on the other side of any PIX. I have enabled ICMP any,any for troubleshooting reasons but still no luck.

2 REPLIES
Cisco Employee

Re: PIX vpn Question

Up until PIX 6.3 code you could not do this, nothing to do with your configuration or setup, you just can't ping a PIX interface from another interface. This is the same as you trying to ping the PIX outside interface from a machine on the inside interface of the same PIX (not over the VPN), you can't do it.

Starting in 6.3 code, we introduced a new command that'll allow you to ping, telnet, SSH, PDM to the inside interface of a PIX if you come in over a VPN tunnel. Just put the following in your config (after upgrading if necessary):

> management-access inside

See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#1137951 for details.

Community Member

Re: PIX vpn Question

Since you have allowed ICMP in your ACL, I was thinking that it might be due to the following config, which may be missing.

[no] icmp permit|deny []

You can try putting in the above config to explicitly allow/deny an IP address/network to ping to the particular PIX interface.
