10-04-2005 03:18 AM - edited 07-04-2021 11:11 AM
Hi Everyone,
My understanding of a general PIX config is to have the inside interface connected to your LAN and the outside interface connected to the "Internet". Now I have configured the NAT to translate my internal 192.168.x.x address to my routable address on the outside interface with the commands global(outside)X.X.X.X and NAT(inside)192.168.X.X and this all works fine. I have an access-list on my inside interface which permits icmp from any to any. My question is, how do I permit the reply to my pings through my outside interface? If I do not have an ACL on my outside interface permitting ICMP I cannot ping across from the inside to the outside - but I thought an ACL on my outside interface was a bad idea?
Any help would be great if you can understand my poor question!
Many thanks,
Dan
10-05-2005 05:52 AM
Take a look at this document; it should help answer your questions:
11-02-2005 02:36 PM
Not sure if this has been answered or not, but, you do need to assign an access-list to the outside interface. You can do it a couple ways (icmp outside permit any any) or, create an access-list and bind it to the outside interface. You do need to bind an ACL to the outside interface to permit PAT through to an inside server (web, email, etc.), so:
access-list ACLNAME permit icmp any any
access-group ACLNAME in interface outside
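A narrower form of the outside ACL discussed in this thread, as an added example that is not part of the original posts: it admits only the ICMP message types that come back in response to pings and traceroutes started from the inside, rather than all ICMP. The ACL name OUTSIDE_IN is an assumption, and the syntax is the PIX 6.x style used in the thread.

```cisco
! Added example (not from the thread). OUTSIDE_IN is a hypothetical ACL name.
!
! Broad form from the thread: every ICMP type is allowed inbound,
! including echo requests aimed at translated inside hosts.
!   access-list ACLNAME permit icmp any any
!
! Narrow form: only the return traffic for inside-initiated tests.
! Replies to pings sent from the inside
access-list OUTSIDE_IN permit icmp any any echo-reply
! Error messages needed for traceroute and path MTU discovery
access-list OUTSIDE_IN permit icmp any any time-exceeded
access-list OUTSIDE_IN permit icmp any any unreachable
!
! Bind the ACL to inbound traffic on the outside interface.
! Anything not matched above is dropped by the implicit deny.
access-group OUTSIDE_IN in interface outside
```

Only one ACL can be bound per interface and direction, so entries that publish inside servers through static translations belong in this same list.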