Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
0
Helpful
3
Replies

PIX 501 help

jet.pak
Level 1
Level 1

‎04-06-2005 01:24 PM - edited ‎02-21-2020 12:03 AM

I've configured outside and inside interfaces. I can ping the inside interface from my laptop, which is connected directly to ethernet1, and I can ping the outside world from the PIX. However, I can NOT ping the outside world from my laptop. Am I missing a basic configuration step? Can anyone suggest anything that might do the trick? Thanks in advance.

JP

0 Helpful
3 Replies 3

dougz
Level 1
Level 1

‎04-06-2005 01:56 PM

You must allow ping replies back through the 501.

For example:

access-list inbound permit icmp any any eq echo-reply

access-list inbound permit icmp any any eq unreachable

access-list inbound permit icmp any any eq time-exceeded

access-list inbound permit icmp any any eq source-quench

access-group inbound in interface outside

Note: If you have an existing 'inbound' access-list, just add the access-list statements. You cannot have more than 1 access-group per interface.

This should do the trick. Let me know either way.

Doug Zitzelsberger

dougz@lebanon-utilities.com

0 Helpful

jet.pak
Level 1
Level 1
In response to dougz

‎04-06-2005 02:07 PM

Thanks, Doug...however, I'm not able to browse either from my laptop. I'm using dhcp on the inside only. I configure the outside interface with a default route and assigned a DNS address to the outside interface. What could I have missed? Thanks again.

0 Helpful

Patrick Iseli
Level 7
Level 7
In response to jet.pak

‎04-06-2005 02:21 PM

To ping inside interface from your laptop connected to the inside interface you need to configure the ICMP command.

example:

icmp deny any outside

icmp permit any echo-reply inside

icmp permit 192.168.1.0 255.255.255.0 echo inside

icmp permit host 192.168.1.30 echo inside

To permit ping from the inside to the internet you need as allready mentioned in the post before an access-list.

example:

access-list outside permit icmp any interface outside unreachable

access-list outside permit icmp any interface outside time-exceeded

access-list outside permit icmp any interface outside echo-reply

access-group outside in interface outside

To your last post, internet does not work:

Here is a basic config using for the NAT settings.

example for PAT configuration:

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 Gateway 1

clear xlate

clear arp

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card