03-11-2002 06:01 AM - edited 02-20-2020 10:00 PM
I have a pix with and address of 192.168.2.250 and have just installed a Cisco 760 to route to a WAN address 192.168.0.0. I can ping everything on the other side of the WAN link from the 760 and the pix but not from any pcs. I have the following on the pix:
route inside 192.168.0.0 255.255.255.0 192.168.2.251 1
Any ideas
03-12-2002 09:36 AM
Do you have the NAT statements on the Pix? Have you created an ACL, or Conduit to permit icmp traffic? Are you trying to ping outside, or to a dmz interface, or from the outside to the inside?
03-19-2002 09:31 AM
yes as follows:
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-list acl_out permit icmp any any
I'm trying to ping from the inside to a WAN link on the inside. I can ping both Pix and Router but cannot see anything on the other side of the router
03-20-2002 01:03 AM
I think the "route inside" should be "route outside" instead.
If you want to allow icmp (ping)replies through the 506, you should use
access-list acl_in permit icmp any any echo-reply
access-list acl_in permit icmp any any time-exceeded
and apply this to the outside interface, like this,
access-group acl-in in interface outside
Also remember to set the gateway of your PCs to the ip of the inside interface of the 506.
Hope this helps.
Regards,
Ron
03-20-2002 01:14 AM
Are you using nat or napt at the router?
Maybe you are not using public and legal ip address to access the internet, so when icmp packets responses try to come back, don't recognize the source ip address.
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide