https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827513#M969744 <P>PIX-515E running 7.2.2</P><P>Internal network on private IP addresses, external network on public addresses.</P><P>Each internal Web server has its own external IP address. PIX is doing PAT, mapping the external port 80/tcp to port 8080/tcp internally on each Web server like this:</P><P></P><P>static (inside,outside) tcp web1-ext 80 web1-int 8080 netmask 255.255.255.255</P><P></P><P>The problem is, now I cannot allow ICMP echo requests to the Web servers.</P><P></P><P>If I did NAT (see below) then ICMP would be able to pass, but I need to translate the port too, so this won't work for me:</P><P></P><P>static (inside,outside) web1-ext web1-int netmask 255.255.255.255</P><P></P><P>How to do PAT (80--&gt;8080) but also allow inbound ICMP echo requests?</P> Mon, 11 Mar 2019 11:08:57 GMT hws_admin 2019-03-11T11:08:57Z https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827513#M969744 <P>PIX-515E running 7.2.2</P><P>Internal network on private IP addresses, external network on public addresses.</P><P>Each internal Web server has its own external IP address. PIX is doing PAT, mapping the external port 80/tcp to port 8080/tcp internally on each Web server like this:</P><P></P><P>static (inside,outside) tcp web1-ext 80 web1-int 8080 netmask 255.255.255.255</P><P></P><P>The problem is, now I cannot allow ICMP echo requests to the Web servers.</P><P></P><P>If I did NAT (see below) then ICMP would be able to pass, but I need to translate the port too, so this won't work for me:</P><P></P><P>static (inside,outside) web1-ext web1-int netmask 255.255.255.255</P><P></P><P>How to do PAT (80--&gt;8080) but also allow inbound ICMP echo requests?</P> Mon, 11 Mar 2019 11:08:57 GMT https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827513#M969744 hws_admin 2019-03-11T11:08:57Z https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827514#M969749 <HTML><HEAD></HEAD><BODY><P>Sorry, I don't think that's possible.</P></BODY></HTML> Mon, 10 Sep 2007 16:42:29 GMT https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827514#M969749 acomiskey 2007-09-10T16:42:29Z https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827515#M969753 <HTML><HEAD></HEAD><BODY><P>That's not possible.</P></BODY></HTML> Mon, 10 Sep 2007 17:48:41 GMT https://community.cisco.com/t5/network-security/how-to-allow-icmp-when-doing-tcp-pat/m-p/827515#M969753 hsajwan 2007-09-10T17:48:41Z