04-26-2001 06:54 AM - edited 02-20-2020 09:47 PM
I would like to know how do I ping or reach from my LAN to the external interface of the PIX or to my valid IP range of addresses.
e.g If I need to expose a host on my internal network I would do a static mapping and then assign a conduit statement.but when I try to ping to the valid IP address assigned I am not able to do so.
I would like to mention that I am able to reach all other internet sites.
Is this a security feature of PIX FW or can we use a valid IP to ping from the LAN.
Can anybody help me in this regard.
Thanks.
04-26-2001 10:07 AM
see page 6 -62 of the config guide.
build an acl and permit icmp any any
04-30-2001 03:09 PM
Hello,
You cant ping your external static to your pix assigned IP-Adesses....we had this problem that we mapped a outside adress to a DMZ webserver...from external it was all reachable..but from internal only by the DMZ ip Adress of the webserver...
Solution: Install an internal DNS Server...or...try with "alias command" on PIX
permit icmp isnt very healthy at all ;) (disable it after you tested all)
BBB
05-01-2001 08:08 PM
Thanks it worked.I got that.
Regards
Mahavir
05-10-2001 02:08 PM
may be you need to define acl and gateway to the external addr.
05-10-2001 03:20 PM
You can not ping the external interface of a PIX unless you specificly allow that with a conduit statement.
If you put a STATIC NAT in to assign an internal host with a public IP address then that public IP will be unavailable from your internal network.
Something to do with the PIX not allowing packets originating from the inside to hit the outside & then back to the same interface which the packets originated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide