Need Help: Ping Inside and Outside through Pix

sakdavin
Level 1

Hello,

I have two Pix firewalls which connect to Paradyne modems. Please take a look at the network diagram below:

FileServer>>>Pix1>>>>Modem...PhoneLine(ISP)...>>>Modem>>>>Pix2>>>>PC

What I am trying to do is to let my PC ping my file server at Head Office through the two Pix firewalls. This means that I need to allow ping on the Pix, so that I can use the ping command from my PC to the File Server and from the File Server to my PC.

Any feedback or solution would be appreciated.

Regards,

Sakdavin

4 Replies

vasthorvak
Level 1

Well, if you already have your connectivity (i.e. routes, ACLs, xlates), then all you should have to do is allow ICMP echoes and echo replies. On the outside interface of PIX 1, allow ICMP echoes from what your PC translates to on PIX 2 (global address) to the fileserver.

In the future, if you need to have direct access to the fileserver from your PC, I would recommend setting up a client-to-site VPN on PIX 1 or a site-to-site VPN between both PIXes. That really depends on your requirements for access and your security policy for external connections. Let me know how this works for you. Thanks.

Hello Vasthorvak,

Thanks for your reply.

I have tried to configure the access-list and static(inside,outside) on the PIX for my Head and Branch Office.

But I think I configured something wrongly, meaning that I still cannot ping from my Head Office to the Database Server at the branch office.

One more thing is that I also need to upload some files to my database server for updates at the Branch Office.

Please kindly check my attached files and give me some advice to correct the configuration in this scenario.

The purpose is to allow my Administrator to monitor my Database Server at the Branch Office.

Note: I have tried to follow the URL below, but it still doesn't work.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Hope to hear from you soon.

Regards,

Sakdavin

First of all, turn on logging (preferably to a syslog server, but at least to the buffer) at a level of informational or debugging.

Second, your diagram indicates a 172 net, but you have the 11 net directly attached to the outside? If the diagram is correct, then the 172 net should be on the outside of the PIX. Also, you have the same IP as the global IP on both PIXes, which you cannot have? Make this change first.

Third, you need to be allowing echo and FTP on the access-list for the BO PIX for 11.190.138.5. If it fails, look at your syslogs to see why (also look for an xlate and conn). Also put an explicit deny any at the end of the ACL (it's implied, but you need to see if the hit counter increments, so put this rule in). Do these and let me know your findings.
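The "look at your syslogs to see why" step from the reply above, as an added example that is not part of the original thread: a small Python triage script that separates ACL denies, denied inbound ICMP and missing translations in buffered PIX log output. The sample lines are constructed in the format of PIX messages 106023, 106014 and 305005, and the addresses and the ACL name `acl_out` are placeholders, not values from the poster's configuration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
%PIX-4-106023: Deny icmp src outside:198.51.100.10 dst inside:192.0.2.5 (type 8, code 0) by access-group "acl_out"
%PIX-4-106023: Deny tcp src outside:198.51.100.10/1045 dst inside:192.0.2.5/21 by access-group "acl_out"
%PIX-3-305005: No translation group found for icmp src inside:10.1.1.20 dst outside:198.51.100.10 (type 0, code 0)
%PIX-3-106014: Deny inbound icmp src outside:198.51.100.10 dst inside:192.0.2.5 (type 8, code 0)
%PIX-6-302013: Built inbound TCP connection 12 for outside:198.51.100.10/1046 (198.51.100.10/1046) to inside:10.1.1.20/21 (192.0.2.5/21)
%PIX-4-106023: Deny icmp src outside:198.51.100.10 dst inside:192.0.2.5 (type 8, code 0) by access-group "acl_out"
"""
# Matches only the three message IDs that explain a failed ping or FTP session.
LINE = re.compile(
    r'%PIX-\d-(?P<id>106023|106014|305005): .*?(?P<proto>icmp|tcp|udp) '
    r'src (?P<sif>\w+):(?P<src>[\d.]+)(?:/\d+)? '
    r'dst (?P<dif>\w+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?'
    r'(?: \(type (?P<type>\d+), code \d+\))?'
    r'(?: by access-group "(?P<acl>[^"]+)")?')

ICMP_NAMES = {"8": "echo", "0": "echo-reply"}
REASON = {
    "106023": "blocked by ACL {acl}: check which entry (or the final deny) matched",
    "106014": "inbound ICMP denied: nothing permits this ICMP type on the interface",
    "305005": "no translation: check nat/global/static for this address pair",
}

def triage(log_text):
    """Count each denied or untranslated flow, keyed by message ID and flow."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connection build/teardown and unrelated messages
        if m["proto"] == "icmp":
            service = ICMP_NAMES.get(m["type"], "type " + str(m["type"]))
        else:
            service = "port " + str(m["dport"])
        hits[(m["id"], m["proto"], m["src"], m["dst"], service, m["acl"])] += 1
    return hits

def report(hits):
    # Most frequent failure first, one line per distinct flow.
    return [f"{n}x {proto} {svc} {src} -> {dst}: " + REASON[mid].format(acl=acl)
            for (mid, proto, src, dst, svc, acl), n in hits.most_common()]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

A 106023 line that names the ACL corresponds to the hit counter the reply suggests watching, while a 305005 line points at the xlate side instead.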

Hello Vasthorvak,

Thanks for your reply.

I am sorry, I posted the wrong network diagram.

The one below is the correct one.

If possible, could you please advise me in detail, because I am not so familiar with the Pix Firewall, and I need to finish this implementation by this week.

Thanks for your valuable time to help me.

Regards,

Sakdavin
