https://community.cisco.com/t5/network-security/ping-pix/m-p/521576#M526394 <HTML><HEAD></HEAD><BODY><P>This should get you started:</P><P></P><P>R4:</P><P>no ip route 10.1.1.1 255.255.255.0 20.1.24.254 </P><P>ip route 10.1.1.0 255.255.255.0 20.1.24.254</P><P></P><P>PIX:</P><P>ip address outside 20.1.24.254 255.255.255.0</P><P>no static (inside,outside) 20.x.x.x.x.1.1 netmask 255.255.255.255 0 0 </P><P>static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0 </P><P>access-list MYACLOUT permit icmp any any</P><P>no access-list MYACLOUT permit ip host 20.1.24.4 host 10.1.1.1</P><P>route outside 0.0.0.0 0.0.0.0 <GATEWAY ip=""> </GATEWAY></P></BODY></HTML> Thu, 13 Apr 2006 14:59:36 GMT laurent.geyer 2006-04-13T14:59:36Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521570#M526388 <P>[R4] --- PIX --- [R1]</P><P></P><P>I need to configure a static route for 10.1.1.x network on R4 and configure PIX so that R4</P><P>can ping 10.1.1.1 (R1). But, the configuration does not seem to work.</P><P></P><P>R4</P><P></P><P>!</P><P>interface Ethernet0</P><P>ip address 20.x.x.x.x.255.0</P><P>!</P><P>ip route 10.1.1.1 255.255.255.0 20.1.24.254</P><P>!</P><P></P><P>PIX</P><P></P><P>!</P><P>nameif ethernet0 inside security100</P><P>nameif ethernet1 outside security0</P><P>!</P><P>ip address inside 10.1.1.254 255.255.255.0</P><P>ip address outside 20.x.x.x.x.255.0</P><P>!</P><P>static (inside,outside) 20.x.x.x.x.1.1 netmask 255.255.255.255 0 0 </P><P>access-list MYACLOUT permit ip host 20.1.24.4 host 10.1.1.1</P><P>access-group MYACLOUT in interface outside</P><P>icmp permit host 20.1.24.4 echo outside </P><P>!</P><P>icmp deny any outside</P><P>icmp deny any inside</P><P>!</P><P></P><P>R1</P><P></P><P>!</P><P>interface Ethernet0</P><P>ip address 10.1.1.1 255.255.255.0</P><P>!</P><P></P><P>Ping does not work ?</P><P></P><P>R4# ping 10.1.1.1</P><P>....</P><P></P><P></P><P> </P><P></P> Fri, 21 Feb 2020 08:46:45 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521570#M526388 gnaveen 2020-02-21T08:46:45Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521571#M526389 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Can you try the following config on the PIX:</P><P></P><P>static (inside,outside) 10.1.1.1 10.1.1.1 netmask 255.255.255.255 0 0</P><P></P><P>instead of:</P><P>static (inside,outside) 20.1.24.4 10.1.1.1 netmask 255.255.255.255 0 0</P><P></P><P>Hope that helps - pls rate the post if it does.</P><P></P><P>Paresh</P><P></P></BODY></HTML> Thu, 16 Mar 2006 03:24:57 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521571#M526389 pkhatri 2006-03-16T03:24:57Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521572#M526390 <HTML><HEAD></HEAD><BODY><P>No, it did not work.</P><P></P><P>R4#ping 20.1.24.254</P><P></P><P>Type escape sequence to abort.</P><P>Sending 5, 100-byte ICMP Echos to 20.1.24.254, timeout is 2 seconds:</P><P>!!!!!</P><P>Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms</P><P>R4#ping 10.1.1.1</P><P></P><P>Type escape sequence to abort.</P><P>Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:</P><P>.....</P><P>Success rate is 0 percent (0/5)</P><P>R4#</P><P></P><P></P></BODY></HTML> Thu, 16 Mar 2006 14:28:42 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521572#M526390 gnaveen 2006-03-16T14:28:42Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521573#M526391 <HTML><HEAD></HEAD><BODY><P>No, it did not work.</P><P></P><P>R4#ping 20.1.24.254</P><P></P><P>Type escape sequence to abort.</P><P>Sending 5, 100-byte ICMP Echos to 20.1.24.254, timeout is 2 seconds:</P><P>!!!!!</P><P>Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms</P><P>R4#ping 10.1.1.1</P><P></P><P>Type escape sequence to abort.</P><P>Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:</P><P>.....</P><P>Success rate is 0 percent (0/5)</P><P>R4#</P><P></P><P></P></BODY></HTML> Thu, 16 Mar 2006 15:07:44 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521573#M526391 gnaveen 2006-03-16T15:07:44Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521574#M526392 <HTML><HEAD></HEAD><BODY><P>the icmp permit host 20.1.24.4 echo outside is allowing the host 20.1.24.2 to ping the pix, not the server that you have the static for. Add ICMP to your access-list and you should be good to go.</P><P></P><P>access-list MYACLOUT permit icmp any host 20.1.24.4</P><P></P><P>Hope this helps.</P></BODY></HTML> Thu, 16 Mar 2006 16:29:34 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521574#M526392 bcarroll 2006-03-16T16:29:34Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521575#M526393 <HTML><HEAD></HEAD><BODY><P>Simple!</P><P></P><P>Need to have a route back, </P><P></P><P>Type the following command on R1:</P><P></P><P>ip route 20.0.0.0 255.0.0.0 10.1.1.254</P><P></P><P>It should work after that...</P><P></P><P>All the best.</P></BODY></HTML> Mon, 03 Apr 2006 13:42:09 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521575#M526393 oabduo983 2006-04-03T13:42:09Z https://community.cisco.com/t5/network-security/ping-pix/m-p/521576#M526394 <HTML><HEAD></HEAD><BODY><P>This should get you started:</P><P></P><P>R4:</P><P>no ip route 10.1.1.1 255.255.255.0 20.1.24.254 </P><P>ip route 10.1.1.0 255.255.255.0 20.1.24.254</P><P></P><P>PIX:</P><P>ip address outside 20.1.24.254 255.255.255.0</P><P>no static (inside,outside) 20.x.x.x.x.1.1 netmask 255.255.255.255 0 0 </P><P>static (inside,outside) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0 </P><P>access-list MYACLOUT permit icmp any any</P><P>no access-list MYACLOUT permit ip host 20.1.24.4 host 10.1.1.1</P><P>route outside 0.0.0.0 0.0.0.0 <GATEWAY ip=""> </GATEWAY></P></BODY></HTML> Thu, 13 Apr 2006 14:59:36 GMT https://community.cisco.com/t5/network-security/ping-pix/m-p/521576#M526394 laurent.geyer 2006-04-13T14:59:36Z