had a very strange problem somedays back, and i'm wondering if anyone can help. Went to a client's site to replace a PIX 501 with and existing PIX 501, but for some reason, i was unable to estable reachability via ping on the internet. I regenerated the rsa key, recreated ssh, saved and reloaded my config, but i still had the same issue. please find the show run output of pix:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name xxx.xxx.xxx.xxx LANZ-access
name xxx.xxx.xxx.xxx landmark-firewall
access-list 80 permit ip 192.168.100.0 255.255.255.0 host 192.168.1.153
access-list 80 permit ip 192.168.100.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list acom-traffic permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0
Do you mean ping through to the internal network or ping to the outside interface of the pix.
If you are trying to ping the outside interface you need the following statement in your config
icmp permit any outside
You can tie down the IP addresses that are able to ping by replacing the any with individual IP addresses. Your outside access-list allowing ip to any will still not allow you to ping the outside interface of the pix.
If you are trying to ping through could you let us know the source and destination of the ping.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...