https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315452#M553405 <HTML><HEAD></HEAD><BODY><P>Eric, </P><P></P><P>I had a quick look at your config and one thing I noticed is that you dont't seem to have any access-group LANOut in interface inside applied, also for your reference check out the following URL on how to handle icmp traffic through the pix.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/110/31.html" target="_blank">http://www.cisco.com/warp/public/110/31.html</A></P><P></P><P>Also, remember to issue clear xlate after any modifications to ACLs or statics and save with write mem.</P><P></P><P>Hope this helps,</P><P></P><P>Jay</P></BODY></HTML> Wed, 22 Dec 2004 10:28:20 GMT jmia 2004-12-22T10:28:20Z https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315451#M553404 <P>I am having an issue where all wanted traffic can get in (Webpages, DNS, SMTP, etc.) but no machine from the inside can get out....even with a ping.</P><P></P><P>I attached my config,</P><P></P><P>When I try to ping to the outside from inside, I get this error logged...</P><P></P><P></P><P></P><P>305006: portmap translation creation failed for icmp src inside:192.168.4.22 dst outside:63.243.97.154 (type 8, code 0)</P><P></P><P></P><P></P><P>I also see this for UDP as well...</P><P></P><P>Any help would be great!</P><P></P><P>Thanks</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 07:49:25 GMT https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315451#M553404 eelliston 2020-02-21T07:49:25Z https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315452#M553405 <HTML><HEAD></HEAD><BODY><P>Eric, </P><P></P><P>I had a quick look at your config and one thing I noticed is that you dont't seem to have any access-group LANOut in interface inside applied, also for your reference check out the following URL on how to handle icmp traffic through the pix.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/110/31.html" target="_blank">http://www.cisco.com/warp/public/110/31.html</A></P><P></P><P>Also, remember to issue clear xlate after any modifications to ACLs or statics and save with write mem.</P><P></P><P>Hope this helps,</P><P></P><P>Jay</P></BODY></HTML> Wed, 22 Dec 2004 10:28:20 GMT https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315452#M553405 jmia 2004-12-22T10:28:20Z https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315453#M553406 <HTML><HEAD></HEAD><BODY><P>Humm, in with the acl applied (access-group LANOut in interface inside) and clearing the xlate...same problem.</P><P></P><P>Can't ping...can't surf...humm..</P><P></P><P></P><P>thanks!</P></BODY></HTML> Wed, 22 Dec 2004 13:50:58 GMT https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315453#M553406 eelliston 2004-12-22T13:50:58Z https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315454#M553407 <HTML><HEAD></HEAD><BODY><P>Oh, and another thing...</P><P></P><P>The devices on the inside (windows servers) have 2 IPs on the interface. One is 192.168.4.x the other is 192.168.64.x,192.168.65.x or 192.168.68.x.</P><P></P><P>I do a translation to that network (one to one)...which seems to work fine.</P><P></P><P></P><P>The problem is when I try to surf outside....the machines primary ip is the 192.168.4.x network, which has a one to many translation (PAT). I dunno why...the client wanted it this way for some reason.</P><P></P><P>Maybe that will help figure out whats up.</P><P></P><P>Thanks!</P></BODY></HTML> Wed, 22 Dec 2004 13:57:41 GMT https://community.cisco.com/t5/network-security/problem-passing-traffic-outside-the-pix/m-p/315454#M553407 eelliston 2004-12-22T13:57:41Z