PIX inside to Outside..... connectivity

mahavirsj · ‎04-26-2001

I would like to know how do I ping or reach from my LAN to the external interface of the PIX or to my valid IP range of addresses.

e.g If I need to expose a host on my internal network I would do a static mapping and then assign a conduit statement.but when I try to ping to the valid IP address assigned I am not able to do so.

I would like to mention that I am able to reach all other internet sites.

Is this a security feature of PIX FW or can we use a valid IP to ping from the LAN.

Can anybody help me in this regard.

Thanks.

millerv · ‎04-26-2001

see page 6 -62 of the config guide.

build an acl and permit icmp any any

_bbb_ · ‎04-30-2001

Hello,

You cant ping your external static to your pix assigned IP-Adesses....we had this problem that we mapped a outside adress to a DMZ webserver...from external it was all reachable..but from internal only by the DMZ ip Adress of the webserver...

Solution: Install an internal DNS Server...or...try with "alias command" on PIX

permit icmp isnt very healthy at all ;) (disable it after you tested all)

BBB

mahavirsj · ‎05-01-2001

Thanks it worked.I got that.

Regards

Mahavir

frank.chi · ‎05-10-2001

may be you need to define acl and gateway to the external addr.

jose.calvillo · ‎05-10-2001

You can not ping the external interface of a PIX unless you specificly allow that with a conduit statement.

If you put a STATIC NAT in to assign an internal host with a public IP address then that public IP will be unavailable from your internal network.

Something to do with the PIX not allowing packets originating from the inside to hit the outside & then back to the same interface which the packets originated.