Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
0
Helpful
2
Replies

2 router and one PIX firewall

nagalakshmi_n2000
Level 1
Level 1

‎11-21-2003 01:37 AM - edited ‎02-20-2020 11:06 PM

In our office we have 2 router and 1 pix 515R firewall i am able to ping and TFTP inside router but outside router i am not able to PING not TFTP from any host......is these because of NATING in PIX..But i am able to ping the outside router from PIX

0 Helpful
2 Replies 2

nkhawaja
Cisco Employee
Cisco Employee

‎11-21-2003 10:36 AM

Hi,

From inside hosts to ping to outside, certain criteria has to met. for example

1- Any form of translation (or no translation) has to be there e.g. the following statements are required

nat (inside) 1 0 0

global (outside) 1 interface

2- For PING you need to open up icmp echo reply to come back from a low security interface to a high security level interface. e.g.

access-list 100 permit icmp any any echo-reply

access-group 100 in interface outside.

There can be several combinations/variations of the above two requirements.

Oh and ofcourse you need a default route in your pix firewall pointing towards your default gateway/outside router.

Thanks

Nadeem Khawaja

0 Helpful

nagalakshmi_n2000
Level 1
Level 1
In response to nkhawaja

‎11-21-2003 10:34 PM

In PIX we have configured the

Global(outside)1 IP address

Nat (inside)1 0.0.0.0 0.0.0.0

and instead of access-list we have "conduit permit icmp any any"

And i did not get your last answer default gateway of outside router....Can u please explain me with commands regarding these

Thanks for the reply

Nagalakshmi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card