I have got a Cisco PIX. One of the interface IP addresses on the PIX is 172.16.0.254. This PIX is connected to the core switch, which is a 3COM layer 3 switch; it has got 2 IP addresses, 172.16.0.100 & 192.168.200.1. The default gateway IP address for this 3COM switch is 172.16.0.254.
I have given a route to reach 192.168.200.0/24 via 172.16.0.100; with this the PIX is able to ping 192.168.200.1, which is nothing but the IP address of the 3COM switch.
My PC IP address is 172.16.0.82 and its gateway is 172.16.0.254; with this I can't ping 192.168.200.1, whereas if I set my gateway IP address to 172.16.0.100, I am able to ping. No access-list is configured on the 3COM or on the Cisco PIX for the 172.16.0.0 & 192.168.200.0 networks.
My question is: if the PIX is able to reach 192.168.200.1, then why can't my PC, which has the PIX IP address as its gateway, reach it?
This is the log I get on the PIX:
Jun 21 11:13:25 172.16.0.254 %PIX-3-106011: Deny inbound (No xlate) icmp src inside:172.16.0.82 dst inside:192.168.200.1 (type 8, code 0)
The message will appear under normal traffic conditions if there are internal users that are accessing the Internet via a web browser. Anytime a connection is reset, when the host at the end of the connection sends a packet after the firewall receives the reset, this message will appear. It can typically be ignored.
Recommended Action: Disable this syslog message from getting logged to the syslog server by entering the no logging message 106011 command.
Related documents: No specific documents apply to this error message.
You have just copied & pasted whatever log message was on the Cisco Output Interpreter. Well, even I know that & I have checked the same, but I am looking for a solution. You have just posted the last line; I am looking for the solution which was listed on top of the last lines.
First of all, any traffic in the PIX will be allowed only if translation rules are specified, irrespective of ACLs. That means if you intend to make communication happen between two networks through the PIX without performing NAT, you still need to specify translation rules, which will be identity NAT (no NAT).
Second, by default ICMP is allowed only on the inside interface (exception: the PIX will be able to ping all connected networks).
Try this solution and then let me know, along with your complete topology with VLANs etc.
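Added example, not part of any post in this thread: a small Python parser for `%PIX-3-106011` lines that flags denies where the source and destination interface are the same, as in the quoted log (`src inside` / `dst inside`), meaning the packet would have to leave through the interface it arrived on. The first sample line is the one from the thread; the other lines, the function names and the constant names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input; only the first line comes from the thread.
SAMPLE_LOG = """\
Jun 21 11:13:25 172.16.0.254 %PIX-3-106011: Deny inbound (No xlate) icmp src inside:172.16.0.82 dst inside:192.168.200.1 (type 8, code 0)
Jun 21 11:13:26 172.16.0.254 %PIX-3-106011: Deny inbound (No xlate) icmp src inside:172.16.0.82 dst inside:192.168.200.1 (type 8, code 0)
Jun 21 11:14:02 172.16.0.254 %PIX-3-106011: Deny inbound (No xlate) tcp src outside:203.0.113.9/4431 dst inside:172.16.0.82/80
Jun 21 11:14:05 172.16.0.254 %PIX-6-302013: Built outbound TCP connection 12 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:172.16.0.82/1050 (172.16.0.82/1050)
"""

# Matches the 106011 body; the port suffix is optional because ICMP lines carry none.
PATTERN = re.compile(
    r"%PIX-3-106011: Deny inbound \(No xlate\) (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)(?:/\d+)?"
)


def parse_106011(text):
    """Return one dict per 106011 line found in text; other lines are skipped."""
    events = []
    for line in text.splitlines():
        match = PATTERN.search(line)
        if match:
            events.append(match.groupdict())
    return events


def same_interface_denies(events):
    """Count denies whose source and destination sit behind the same interface.

    These are the lines where a host uses the firewall as its gateway for a
    subnet that is reached through a router on the host's own segment.
    """
    hits = Counter()
    for ev in events:
        if ev["src_if"] == ev["dst_if"]:
            hits[(ev["src_if"], ev["src"], ev["dst"])] += 1
    return hits


if __name__ == "__main__":
    for (iface, src, dst), count in same_interface_denies(parse_106011(SAMPLE_LOG)).items():
        print(f"{count}x {src} -> {dst} in and out of '{iface}': "
              f"check the host's gateway/route for {dst}")
```
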