12-29-2003 12:56 AM - edited 03-09-2019 05:59 AM
Hi,
I have a PIX525 installed with the inside IP for the LAN, the outside IP connecting the Internet Router and a 'new' DMZ IP for a connection to the private IP of a VPN3030.
I tried to ping (extended) from the inside IP of the PIX to the DMZ IP. It couldn't ping, even after I enabled the access-list to allow all IP between the DMZ and the inside interface.
The only thing that I did was putting the NAT to 'use same address' rather than creating a new NAT. Thus, it created the 'Null Rule' to the ACL which I just inserted.
So, what exactly can I do to be able to ping between these 2 interfaces?
Thanks
12-29-2003 01:25 AM
An access list only applies to packets which traverse the PIX, not to packets which terminate on its interfaces.
If you want PIX interface to reply to ICMP echo packets you should use the configuration command:
icmp permit IP_address netmask Interface_name
12-29-2003 01:26 PM
To ping a device in the DMZ, first you need to allow ICMP.
Next you need to create a static mapping as follows: Static (inside,dmz) inside ip inside ip
This should allow you to ping devices in the DMZ.
-CHEERS
12-29-2003 10:55 PM
Hi,
Thanks. I actually allowed all IP to pass through for now. Still, I was not able to ping the next-hop IP.
Today, I activated the NAT at the PIX and I was able to ping that next-hop IP. However, as I have the outside IP doing the same NAT, I can't activate this NAT (at the DMZ) and the NAT (at the outside) using the same range of IP addresses, even though I use different inside global IP addresses.
So, how can I activate the NAT for the same inside local for the DMZ and the Internet?
Thanks