04-16-2003 05:43 AM - edited 02-20-2020 10:41 PM
I have a PIX 525 for testing. If I go into monitor mode I can ping an IP on the LAN, get to a TFTP server, and all is well. When I reload - same IP, same network connection - no connectivity.
confused??
There is absolutely NO config on the PIX box; it is wide open
Anyone any ideas?
04-16-2003 08:29 AM
Keep in mind that unlike a router, which defaults to letting all traffic in and out, the PIX by default allows outbound web & other UDP/TCP traffic from inside to outside, but it won't allow ICMP traffic like "ping" or "traceroute" to return from the outside to the inside.
To allow inside hosts to ping and traceroute outside hosts, do:
access-list outside_list permit icmp any any echo-reply
access-list outside_list permit icmp any any time-exceeded
access-list outside_list permit icmp any any unreachable
access-list outside_list permit icmp any any source-quench
access-group outside_list in interface outside
Take a look at "testing Connectivity" at:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_61/config/bafwcfg.htm#997560
04-17-2003 01:17 AM
OK I will try (thanks for responding)
But I have another 525 with an almost identical config (IPs are different) and it is allowing access - there are no access lists configured on the other one.
04-16-2003 09:30 AM
One other thing you might want to check is to see if either of your interfaces is shut down (it looks like 6.3.1 comes this way by default - kinda silly).
type: show interface
and if it says administratively down, then you will need to run the:
interface
example:
interface e0 auto
command to remove it from being shutdown.
Hope this helps
Jeff
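The two checks suggested in the replies above (ICMP return types permitted inbound on the outside interface, and interfaces left shut down), as an added example that is not part of the thread: a small Python audit of a saved PIX configuration. The function name, result keys and both sample configs are constructed for illustration and assume PIX 6.x syntax (`interface <hardware_id> <speed> [shutdown]`); it also flags a blanket `permit icmp any any`, which is broader than the four types listed.

```python
import re

# ICMP types the reply permits inbound so ping/traceroute answers reach inside hosts.
RETURN_TYPES = ("echo-reply", "time-exceeded", "unreachable", "source-quench")

def audit_pix_config(config):
    """Report ICMP-return and interface-state findings from PIX config text."""
    acls = {}       # ACL name -> ICMP types permitted any->any ("" means all types)
    bound = None    # ACL applied inbound on the outside interface, if any
    shutdown = []   # hardware ids configured as shut down
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\S+) permit icmp any any(?: (\S+))?$", line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2) or "")
            continue
        m = re.match(r"access-group (\S+) in interface outside$", line)
        if m:
            bound = m.group(1)
            continue
        m = re.match(r"interface (\S+) .*\bshutdown$", line)
        if m:
            shutdown.append(m.group(1))
    # An ACL that is defined but never bound with access-group has no effect.
    permitted = acls.get(bound, []) if bound else []
    blanket = "" in permitted
    missing = [] if blanket else [t for t in RETURN_TYPES if t not in permitted]
    return {"outside_acl": bound, "missing_icmp": missing,
            "blanket_icmp": blanket, "shutdown_interfaces": shutdown}

# Constructed sample configs (not taken from the thread).
BARE = """\
interface ethernet0 auto
interface ethernet1 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
"""
FIXED = BARE.replace("auto shutdown", "auto") + """\
access-list outside_list permit icmp any any echo-reply
access-list outside_list permit icmp any any time-exceeded
access-list outside_list permit icmp any any unreachable
access-list outside_list permit icmp any any source-quench
access-group outside_list in interface outside
"""

if __name__ == "__main__":
    for name, cfg in (("BARE", BARE), ("FIXED", FIXED)):
        print(name, audit_pix_config(cfg))
```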
04-17-2003 01:15 AM
Thanks but I had checked that - the int is up