02-05-2002 04:08 AM - edited 03-08-2019 09:44 PM
Hi,
All the inside users can't ping the PIX outside interface or the router's interface. But they are able to telnet to the router and PIX, and access the web also. What have I missed out?
02-07-2002 08:17 AM
Probably the 'icmp permit' command. This is separate from the access list commands.
02-08-2002 09:16 AM
I am assuming you do not have an access-list that denies ICMP messages on the inside interface. If this is the case, the PIX by default will allow inside hosts (based upon the nat command) to ping through the PIX. However, by default the outside interface will not allow the reply back inside unless you implicitly allow this. If you are using access-lists then enter the following commands on your outside interface:
access-list outside permit icmp any any echo-reply
access-list outside permit icmp any any source-quench
access-list outside permit icmp any any unreachable
access-list outside permit icmp any any time-exceeded
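Added example, not part of the original replies: a small Python model of how the four access-list lines above are matched line by line, with anything unmatched denied, next to a constructed broader line with no ICMP type for comparison. The function names and `BROAD_ACL` are assumptions made for illustration; the model covers only ICMP type matching, not the PIX itself.

```python
# ICMP type numbers for the keywords used in the access-list lines.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "source-quench": 4,
              "echo": 8, "time-exceeded": 11}

# The four lines from the reply above.
THREAD_ACL = """\
access-list outside permit icmp any any echo-reply
access-list outside permit icmp any any source-quench
access-list outside permit icmp any any unreachable
access-list outside permit icmp any any time-exceeded
"""
# Constructed for comparison: no ICMP type given, so every type matches.
BROAD_ACL = "access-list outside permit icmp any any\n"

def parse_acl(text):
    """Return (action, icmp_type or None) per line; None matches any type."""
    rules = []
    for line in text.splitlines():
        p = line.split()
        # Only the 'access-list <id> <action> icmp any any [type]' form is modelled.
        if len(p) not in (6, 7) or p[0] != "access-list" or p[3:6] != ["icmp", "any", "any"]:
            raise ValueError(f"unsupported line: {line!r}")
        rules.append((p[2], ICMP_TYPES[p[6]] if len(p) == 7 else None))
    return rules

def evaluate(rules, icmp_name):
    """First matching line wins; a packet matching no line is denied."""
    icmp_type = ICMP_TYPES[icmp_name]
    for action, rule_type in rules:
        if rule_type is None or rule_type == icmp_type:
            return action
    return "deny"

def verdicts(acl_text):
    """Verdict for each ICMP message type arriving on the outside interface."""
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, name) for name in ICMP_TYPES}

if __name__ == "__main__":
    for label, acl in (("thread ACL", THREAD_ACL), ("broad ACL", BROAD_ACL)):
        print(label, verdicts(acl))
```

With the four typed lines, replies and error messages are permitted while an inbound echo request is still denied; the untyped line would permit the echo request as well.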
02-08-2002 09:14 PM
OK, I will try. My NAT command is
nat (inside) 1 0 0
then
global (outside) 1 interface
So all the inside users are translated to the PIX outside IP. Do I need to assign a separate global IP in the global command, like say: global (outside) global ip and mask?
02-13-2002 06:51 AM
FYI.
Careful when doing translations all to 1. This is called PAT (Port address translation) a form of NAT. I am doing the same thing even though they say it doesn't work well with multimedia applications since PAT differentiates by port.
10.10.10.1 = 172.16.10.1:6000
10.10.10.2 = 172.16.10.1:6001
10.10.10.3 = 172.16.10.1:6002