https://community.cisco.com/t5/network-security/pix-501-help/m-p/314053#M549627 <HTML><HEAD></HEAD><BODY><P>You must allow ping replies back through the 501.</P><P></P><P>For example:</P><P></P><P>access-list inbound permit icmp any any eq echo-reply</P><P>access-list inbound permit icmp any any eq unreachable</P><P>access-list inbound permit icmp any any eq time-exceeded</P><P>access-list inbound permit icmp any any eq source-quench</P><P>access-group inbound in interface outside</P><P></P><P>Note: If you have an existing 'inbound' access-list, just add the access-list statements. You cannot have more than 1 access-group per interface.</P><P></P><P>This should do the trick. Let me know either way.</P><P></P><P>Doug Zitzelsberger</P><P><A href="mailto:dougz@lebanon-utilities.com">dougz@lebanon-utilities.com</A></P><P></P></BODY></HTML> Wed, 06 Apr 2005 20:56:04 GMT dougz 2005-04-06T20:56:04Z https://community.cisco.com/t5/network-security/pix-501-help/m-p/314052#M549626 <P>I've configured outside and inside interfaces. I can ping the inside interface from my laptop, which is connected directly to ethernet1, and I can ping the outside world from the PIX. However, I can NOT ping the outside world from my laptop. Am I missing a basic configuration step? Can anyone suggest anything that might do the trick? Thanks in advance.</P><P></P><P>JP</P> Fri, 21 Feb 2020 08:03:42 GMT https://community.cisco.com/t5/network-security/pix-501-help/m-p/314052#M549626 jet.pak 2020-02-21T08:03:42Z https://community.cisco.com/t5/network-security/pix-501-help/m-p/314053#M549627 <HTML><HEAD></HEAD><BODY><P>You must allow ping replies back through the 501.</P><P></P><P>For example:</P><P></P><P>access-list inbound permit icmp any any eq echo-reply</P><P>access-list inbound permit icmp any any eq unreachable</P><P>access-list inbound permit icmp any any eq time-exceeded</P><P>access-list inbound permit icmp any any eq source-quench</P><P>access-group inbound in interface outside</P><P></P><P>Note: If you have an existing 'inbound' access-list, just add the access-list statements. You cannot have more than 1 access-group per interface.</P><P></P><P>This should do the trick. Let me know either way.</P><P></P><P>Doug Zitzelsberger</P><P><A href="mailto:dougz@lebanon-utilities.com">dougz@lebanon-utilities.com</A></P><P></P></BODY></HTML> Wed, 06 Apr 2005 20:56:04 GMT https://community.cisco.com/t5/network-security/pix-501-help/m-p/314053#M549627 dougz 2005-04-06T20:56:04Z https://community.cisco.com/t5/network-security/pix-501-help/m-p/314054#M549629 <HTML><HEAD></HEAD><BODY><P>Thanks, Doug...however, I'm not able to browse either from my laptop. I'm using dhcp on the inside only. I configure the outside interface with a default route and assigned a DNS address to the outside interface. What could I have missed? Thanks again.</P></BODY></HTML> Wed, 06 Apr 2005 21:07:27 GMT https://community.cisco.com/t5/network-security/pix-501-help/m-p/314054#M549629 jet.pak 2005-04-06T21:07:27Z https://community.cisco.com/t5/network-security/pix-501-help/m-p/314055#M549632 <HTML><HEAD></HEAD><BODY><P>To ping inside interface from your laptop connected to the inside interface you need to configure the ICMP command.</P><P></P><P>example:</P><P></P><P>icmp deny any outside</P><P>icmp permit any echo-reply inside</P><P>icmp permit 192.168.1.0 255.255.255.0 echo inside</P><P>icmp permit host 192.168.1.30 echo inside</P><P></P><P>To permit ping from the inside to the internet you need as allready mentioned in the post before an access-list.</P><P></P><P>example:</P><P></P><P>access-list outside permit icmp any interface outside unreachable </P><P>access-list outside permit icmp any interface outside time-exceeded </P><P>access-list outside permit icmp any interface outside echo-reply</P><P>access-group outside in interface outside</P><P></P><P>To your last post, internet does not work:</P><P></P><P>Here is a basic config using for the NAT settings.</P><P>example for PAT configuration:</P><P></P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>route outside 0.0.0.0 0.0.0.0 Gateway 1</P><P>clear xlate</P><P>clear arp</P><P></P><P>sincerely</P><P>Patrick</P><P></P></BODY></HTML> Wed, 06 Apr 2005 21:21:03 GMT https://community.cisco.com/t5/network-security/pix-501-help/m-p/314055#M549632 Patrick Iseli 2005-04-06T21:21:03Z