cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
412
Views
5
Helpful
3
Replies

Problem in pix515 with ios7.2(3)

santukumar
Level 1
Level 1

Actualy i can ping from inside to outside with ip 192.168.101.11, but can't ping from ip 192.168.101.123.I have also post the running config.Plz reply back asap.

thanks

3 Replies 3

thefindjack
Level 1
Level 1

This is because you have an Access-list set INBOUND on your inside interface and you do not have a permit statement to allow traffic to the address (192.168.101.123). You need to add the IP address or an Object group that it is listed in to the "inside_access_in" access-list.

Example

access-list inside_access_in extended permit ip object-group MailDNS object-group xxxxx

access-list inside_access_in extended permit ip host 192.168.101.123 object-group xxxxx

access-list inside_access_in extended permit ip object-group MailDNS1 ip host xxxxx

You will need to do this because the way your access-list reads you will block all IP traffic that is not implicitly allowed BEFORE you allow ICMP from any to any. So you will need to allow IP traffic from that address first or you will need to change the position of your two lines....

access-list inside_access_in extended deny ip any any

access-list inside_access_in extended permit icmp any any

to be....

access-list inside_access_in extended permit icmp any any

access-list inside_access_in extended deny ip any any

After modification (according to u), it is not working means still ip x.x.x.123 is not working, but other ip is working fine.Plz relpy asap.

Did you add it to the object group and put the object group in your INBOUND IN access list? Or did you just add an entry for it alone?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: