My understanding of a general PIX config is to have the inside interface connected to your LAN and the outside interface connected to the "Internet". Now I have configured the NAT to translate my internat 192.168.x.x address to my routable address on the outside interface with the commands global(outside)X.X.X.X and NAT(inside)192.168.X.X and this all works fine. I have an access-list on my inside interface which permits icmp from any to any. My question is, how do I permit the reply to my pings through my outside interface? If I do not have an ACL on my outside interface permitting ICMP I cannot ping across from the inside to the outside - but I thought an ACL on my outside interface was a bad idea?
Any help would be great if you can understand my poor question!
Not sure if this has been answered or not, but, you do need to assign an access-list to the outside interface. You can do it a couple ways (icmp outside permit any any) or, create an access-list and bind it to the outside interface. You do need to bind an ACL to the outside interface to permit PAT thorugh to an inside server (web email etc), so:
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...