Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
5
Replies

Pinging Outside interface from Inside

jonhill
Level 1
Level 1

‎08-02-2005 12:08 AM - edited ‎03-09-2019 12:01 PM

I'm having problems setting up the ability to ping our Outside interface from our LAN? I've managed to configure pinging through the firewall to an website etc but have not been able to ping the outside interface from our LAN.

How do I go about configuring this?

Thanks

Labels:
0 Helpful
5 Replies 5

mehrdad
Level 3
Level 3

‎08-02-2005 12:58 AM

If you can't ping the outside IP address, it's the Cisco PIX default treat so you should open ICMP reply from outside by the following commands :

access-list 200 permit icmp any any echo-reply

access-group 200 in interface outside

Regards,

Mehrdad Arshad Rad

0 Helpful

vasthorvak
Level 1
Level 1

‎08-02-2005 08:08 AM

use this command:

icmp permit "network here" "mask here" echo-reply outside

this will allow you to ping the outside interface from your internal network

0 Helpful

jlphillips41
Level 1
Level 1
In response to vasthorvak

‎08-04-2005 12:07 PM

I have applied your suggestion and the previous one and still have the prolem of not being able to ping the outside address from hosts on the inside. I also can not access the internet from the hosts on the inside. We have several web servers on the inside that clients can access correctly. I can't ping the inside interface from outside, but I can ping hosts on the inside via their NAT address. This is just for testing and in the future we will limit ping access. What have I missed? Attached is my config file. Thanks!

Preview file
8 KB
0 Helpful

b.bader
Level 1
Level 1
In response to jlphillips41

‎08-04-2005 01:00 PM

I may be wrong, but I had always been under the impression you can ping (if configured) the closest interface to the source of the host but not an interface through the PIX. Meaning you can ping E1 from the inside network, but you can not ping E0 through E1 from the inside network.

0 Helpful

jonhill
Level 1
Level 1

‎08-04-2005 11:21 PM

If that is true then is there no way I can have our network management station ping the outside interface it and get snmp stats from it? I've managed to ping it through one of our other gateways but leaves a massive security hole in the PIX which we don't want to do.

Can anyone confirm that you cannot ping the outside interface from the inside?

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents