Re: PIX515e Will not pass traffic

damrut5763 · ‎10-31-2006

I have a firewall running 6.3(4) software I can't ping any interfaces on the firewall from inside my network. Can't ping inside firewall interface or DMZ interface after reboot all was well prior, check configure nothing change. I can't do " Ping inside x.x.x.x get no response; however I can ping from inside the firewall servers on the dmz. Please Help!

bob.bartlett · ‎10-31-2006

Can you post your config? Remember to replace information like usernames and passwords and actual IP addresses with fictitious information or in the case of username and password just leave it out.

damrut5763 · ‎10-31-2006

OK here it goes:

cpembleton · ‎10-31-2006

First, the pix unlike other Cisco IOS does not allow you to ping an interface on the far side of the device. So if you are on the inside the only interface of the pix you can ping is the inside. Pinging from the inside to the outside or dmz interfaces is not permitted ever.

Second, you may want to covert your conduits to ACL's.

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K13027035

Third, I'm not that familiar with conduits but everything else looks fine. Turn on debugging and see what is causing the icmp packets to be dropped.

Thanks,

Chad

damrut5763 · ‎10-31-2006

Thanks I will also set my interfaces from auto to 100full. Can,t understand why can't ping or telnet to my firewall from inside my network have to console in.

bob.bartlett · ‎10-31-2006

Is your router on the inside working correctly your PIX looks fine but all routing to internal networks goes through your 10.0.10.1 device and is it routing correctly?

damrut5763 · ‎11-01-2006

Yes, everything route through my 6509 however the pix started acting up after a reboot. Config didn't change after reboot. can't ping or telnet to my inside interface 10.0.10.2 from anywhere, work prior to reboot?