Can't ping to any interfaces....

rangelino
Level 1

I'm doing this and it's coming back with no response:

ping inside 192.168.2.1 # ping inside - dmz

I've been burying myself in pix docs... I'm attaching my pix config.....

-robert

3 Replies

lgijssel
Level 9

Looked at your config. You should change the following:

route outside 0.0.0.0 0.0.0.0 192.168.0.1 1 should be

route outside 0.0.0.0 0.0.0.0 1.2.23.81 (assuming .81 is your Internet router)

What will cause you even more problems is the static:

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0

Please remove this line.

As far as I can see, you are referring to an identical subnet here. This last line may cause your problem. Please post the results of: show interface and: show route if it still does not work.

Regards,

Leo

Leo,

I have the inside interface connected to a live network so I can test, that's why I have the default route going to 192.168.0.1. The static 192.168.0.0 to 192.168.0.0 was documented as the way to turn off nat from inside to dmz. And I actually don't want to nat between these 2 networks anyway. I can see how the default route can cause issues so I added a static route to the existing Firewall (not a pix) to forward 192.168.2.0 to 192.168.0.10, but it's still not working... Do you recommend a better way for me to test the pix?

-robert

I learned that ping is not a good debugging tool when it comes to the pix. I come from a router background. When you set up a router, the first thing is to ping the interfaces to make sure they are up. You can't do that on a pix. The best way to test is to put the different interfaces on closed segments, put machines running services you are opening and test that way. I did this and had a lot more success with getting things to work.

-robert