PIX 525 - Can't ping inside interface from inside

trangen — Mon, 11 Mar 2019 09:20:13 GMT

This is driving me nuts, bc I can't figure it out. Please Help!

==============================

I have a new PIX 525.

I'm trying to upgrade the IOS, and can't even ping to get to the PC/TFTP Server.

It's driving me nuts.

I can upgrade it via Monitor Mode, no problem.

But I'm trying to upgrade via "copy tftp flash" command, which won't work if I

can't even ping.

I?m not even trying to go out. Just trying to ping the inside interface from the inside. I?ve got my PC directly connected to the Inside Interface.

Also, this is a Secondary PIX, not the primary. That shouldn?t matter should it?

Any suggestions would be grateful.

=======================================

PC/TFTP Server (directly connected to PIX Inside interface)

10.107.16.116 255.255.255.0

GW 10.107.16.1

=======================================

PIX config I entered:

nameif e1 inside sec100

int e1 auto

ip addr inside 10.107.16.118 255.255.255.0

route inside 0 0 10.107.16.116

icmp permit 10.107.16.116 inside

conduit permit icmp any any echo-reply

PIX Config is below:

=======================================

: Written by enable_15 at 10:18:57.897 UTC Fri Jan 12 2007

PIX Version 6.3(1)

interface ethernet0 auto shutdown

interface ethernet1 auto

interface gb-ethernet0 1000auto shutdown

interface gb-ethernet1 1000auto shutdown

interface ethernet2 auto shutdown

interface ethernet3 auto shutdown

interface ethernet4 auto shutdown

interface ethernet5 auto shutdown

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif gb-ethernet0 intf2 security4

nameif gb-ethernet1 intf3 security6

nameif ethernet2 intf4 security8

nameif ethernet3 intf5 security10

nameif ethernet4 intf6 security12

nameif ethernet5 intf7 security14

enable password xxxxxxxxxxxxxxxxx

passwd xxxxxxxxxxxxxx encrypted

hostname PIX525A

domain-name xxx

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

pager lines 24

icmp permit 10.107.16.116 inside

mtu outside 1500

mtu inside 1500

mtu intf2 1500

mtu intf3 1500

mtu intf4 1500

mtu intf5 1500

mtu intf6 1500

mtu intf7 1500

no ip address outside

ip address inside 10.107.16.118 255.255.255.0

no ip address intf2

no ip address intf3

no ip address intf4

no ip address intf5

no ip address intf6

no ip address intf7

ip audit info action alarm

ip audit attack action alarm

no failover

failover timeout 0:00:00

failover poll 15

no failover ip address outside

no failover ip address inside

no failover ip address intf2

no failover ip address intf3

no failover ip address intf4

no failover ip address intf5

no failover ip address intf6

no failover ip address intf7

pdm history enable

arp timeout 14400

conduit permit icmp any any echo-reply

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

no snmp-server location

no snmp-server contact

snmp-server community nonpublic

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxxxxxxxxxxxxxxxx

===============================

Thanks to All in advance

Re: PIX 525 - Can't ping inside interface from inside

jgervia_2 — Tue, 16 Jan 2007 18:04:12 GMT

Couple of questions:

Do you get link? (interface shows as up when you do a show int on the pix?)

Are you using a crossover cable?

Do you get an arp entry on the firewall for you PC (assuming the first 2 questions are yes) ?

Have you confirmed that your PC has the correct IP address and subnet mask?

--Jason

Please rate this message if it helped solve some or all of your issue

Re: PIX 525 - Can't ping inside interface from inside

trangen — Tue, 16 Jan 2007 21:26:26 GMT

Jason,

Yes, get link light, and when I pink from PC, I can see activity light on the Inside Int.

No, no crossover cable, only straight through being used.

Yes, PC has 10.107.16.116 24 bit mask.

PIX, has 10.107.15.118, 24 bit mask.

No, Arp entry on PIX.

When I enter "sh arp" nothing is replied.

Thanks

Don

Re: PIX 525 - Can't ping inside interface from inside

trangen — Tue, 16 Jan 2007 21:36:22 GMT

Jason,

sorry, my bad, it did pick up the arp from the PC.

I had just powered it up, and the arp was empty, but then it showed up.

Thanks

Re: PIX 525 - Can't ping inside interface from inside

scottic1 — Wed, 17 Jan 2007 17:42:00 GMT

Looking at your statement above-

"Yes, PC has 10.107.16.116 24 bit mask.

PIX, has 10.107.15.118, 24 bit mask."

The PC and the PIX are on different subnets (10.107.16.0 255.255.255.0- PC, 10.107.15.0 255.255.255.0- PIX). Are these IP Addresses/subnet masks accurate? If not, that could be a cause of your problem.

Re: PIX 525 - Can't ping inside interface from inside

trangen — Wed, 17 Jan 2007 21:27:25 GMT

Sorry, typo on my part, it should have said

"Yes, PC has 10.107.16.116 24 bit mask.

PIX, has 10.107.16.118, 24 bit mask."

Thanks

topic Re: PIX 525 - Can't ping inside interface from inside in Network Security

PIX 525 - Can't ping inside interface from inside

Re: PIX 525 - Can't ping inside interface from inside

Re: PIX 525 - Can't ping inside interface from inside

Re: PIX 525 - Can't ping inside interface from inside

Re: PIX 525 - Can't ping inside interface from inside

Re: PIX 525 - Can't ping inside interface from inside