Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Routing with PIX 506

I have a pix with and address of 192.168.2.250 and have just installed a Cisco 760 to route to a WAN address 192.168.0.0. I can ping everything on the other side of the WAN link from the 760 and the pix but not from any pcs. I have the following on the pix:

route inside 192.168.0.0 255.255.255.0 192.168.2.251 1

Any ideas

4 REPLIES
New Member

Re: Routing with PIX 506

Do you have the NAT statements on the Pix? Have you created an ACL, or Conduit to permit icmp traffic? Are you trying to ping outside, or to a dmz interface, or from the outside to the inside?

New Member

Re: Routing with PIX 506

yes as follows:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-list acl_out permit icmp any any

I'm trying to ping from the inside to a WAN link on the inside. I can ping both Pix and Router but cannot see anything on the other side of the router

New Member

Re: Routing with PIX 506

I think the "route inside" should be "route outside" instead.

If you want to allow icmp (ping)replies through the 506, you should use

access-list acl_in permit icmp any any echo-reply

access-list acl_in permit icmp any any time-exceeded

and apply this to the outside interface, like this,

access-group acl-in in interface outside

Also remember to set the gateway of your PCs to the ip of the inside interface of the 506.

Hope this helps.

Regards,

Ron

New Member

Re: Routing with PIX 506

Are you using nat or napt at the router?

Maybe you are not using public and legal ip address to access the internet, so when icmp packets responses try to come back, don't recognize the source ip address.

Regards.

133
Views
0
Helpful
4
Replies