06-08-2005 01:11 PM - edited 03-02-2019 11:03 PM
Hi...
I was reading how to set up VPNs between two PIX firewalls via the internet. Each firewall resides behind a router at either site. The first step was to test connectivity between the firewalls at each site before establishing the VPN. This involved pinging the firewalls' ethernet interfaces, which are private IP addresses.
I was wondering how it is possible to ping an internal private IP address over the internet. I know it is possible for public IPs. Any help or links where I can read on this subject would be highly appreciated.
Thanks
06-08-2005 01:34 PM
I am not sure what you were reading. But if it said that the PIX firewall outside interface was in private address space, then I think that they made a mistake. Perhaps you can post a link to the material that you were reading so we can check it out.
In essence you are correct that from the public Internet you cannot ping to private addresses (10.0.0.0, 172.16.0.0, and 192.168.0.0).
HTH
Rick
06-08-2005 02:16 PM
Thanks for the reply.
I was viewing the CSVPN "how to configure PIX firewall IPsec for Pre-Shared keys" lab activity from Cisco. I don't know whether it is ok to post a screen dump of the e-lab. Once I run the demo, the first command from PIX 1 is ping outside 192.168.2.2.
Perhaps if it was a WAN link it would have been possible, but the lab shows the internet between the two sites.
Thanks
06-08-2005 05:23 PM
Hi,
Without initiating a VPN tunnel between the two PIXs, you can't ping the private interface of the PIX at the other end.
However, it's possible to ping the Public or DMZ interface at the far end.
It's better to post a diagram to give a brief idea about the setup.
Regards,
Navnit
06-08-2005 06:02 PM
Thanks. Knowing that it is a scenario from an e-lab I understand much better what is going on. And probably it is just as well not to bother trying to post screen shots from the lab.
I think the key is that this is a lab and not the real public Internet. In a lab environment you can easily make 192.168.2.2 routable in its "internet".
One of the key concepts that the lab is trying to establish is that for the VPN to work there must be IP connectivity from the outside interface of one end (PIX) to the outside interface of the other end (PIX). If ping from one to the other does not work then the VPN tunnel will not work. And that is a very important point. In the real world Internet that could not work with private addresses but in a lab internet it is quite possible.
We might discuss whether the lab could be better (more "realistic") if it used public addresses in the lab. But as someone who taught Cisco courses for a number of years I know that Cisco generally has a directive to not use "real" addresses in labs because of the tendency of students to take the lab materials and try to do it in live networks. And I think that directive is a good thing.
So in the lab go ahead and ping to 192.168.2.2 and build your VPN. In the lab it should work while in the real world it would not.
HTH
Rick
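The precondition Rick describes (outside-to-outside reachability must exist before the tunnel, and RFC 1918 addresses only satisfy it inside a lab "internet") can be encoded as a pre-check. This is an added example, not code from the thread or from Cisco; the 203.0.113.x and 198.51.100.x addresses are constructed documentation addresses, and the lab flag is an assumption standing in for "this is the e-lab, not the real Internet".

```python
import ipaddress

# The three RFC 1918 blocks named in the thread; these are never routed
# across the public Internet, so a ping to them from outside cannot succeed.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if addr falls inside any RFC 1918 private block."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def vpn_peer_precheck(local_outside: str, peer_outside: str, lab: bool = False) -> dict:
    """Decide whether 'ping outside <peer>' is a meaningful connectivity test.

    Returns a dict with:
      ping_meaningful: True if a successful ping is possible in this environment
      reasons: list of findings explaining the verdict
    In a lab (lab=True) private addresses may be routable, so the test is
    allowed even with RFC 1918 outside interfaces; on the real Internet
    either end being private means the ping, and therefore the VPN, cannot work.
    """
    reasons = []
    for role, addr in (("local", local_outside), ("peer", peer_outside)):
        if is_rfc1918(addr):
            reasons.append(f"{role} outside interface {addr} is RFC 1918 private")
    if not reasons:
        reasons.append("both outside interfaces are non-private; ping test is valid")
        return {"ping_meaningful": True, "reasons": reasons}
    if lab:
        reasons.append("lab 'internet' can route private space; proceed with ping")
        return {"ping_meaningful": True, "reasons": reasons}
    reasons.append("real Internet will not route private space; VPN cannot come up")
    return {"ping_meaningful": False, "reasons": reasons}


if __name__ == "__main__":
    # Constructed lab scenario from the thread: PIX 1 pings 192.168.2.2.
    print(vpn_peer_precheck("192.168.1.2", "192.168.2.2", lab=True))
    print(vpn_peer_precheck("192.168.1.2", "192.168.2.2", lab=False))
```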