Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Simple (hopefully) PIX question

I have a PIX 525 for testing. If I go into monitor mode I can ping an IP on the LAN get to a tftp server and all is well. When I relaod - same IP same network connection - no connectivity.

confused??

There is absolutely NO config on teh PIX box it is wide open

anyone any ideas

4 REPLIES
New Member

Re: Simple (hopefully) PIX question

Keep in mind that unlike a router which defaults to letting all traffic in and out, the the Pix by default allows outbound web & other UDP/TCP traffic from inside to outside, but it won't allow ICMP traffic like "ping" or "traceroute" to return from the outside to the inside.

To Allow inside hosts to ping and traceroute outside hosts do:

access-list outside_list permit icmp any any echo-reply

access-list outside_list permit icmp any any time-exceeded

access-list outside_list permit icmp any any unreachable

access-list outside_list permit icmp any any source-quench

access-group outside_list in interface outside

Take a look at "testing Connectivity" at:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/bafwcfg.htm#997560

New Member

Re: Simple (hopefully) PIX question

OK I will try (thanks for responding)

But I have another 525 with an alomost identical config (ip's are different) and it is allowing access - there are no access lists configured on the other one.

New Member

Re: Simple (hopefully) PIX question

One other thing you might want to check, is to see if either of your interfaces are shut down (it looks likes 6.3.1 comes this way by default - kinda silly).

type: show interface

and if its says administratively down, then you will need to run the:

interface

example:

interface e0 auto

command to remove it from being shutdown.

Hope this helps

Jeff

New Member

Re: Simple (hopefully) PIX question

Thanks but I had checked that - the int is up

100
Views
0
Helpful
4
Replies
CreatePlease login to create content