01-20-2005 11:40 PM - edited 03-09-2019 10:04 AM
I'm new to PIX.
After I configured my PIX 520 as follows, I wasn't able to ping the outside interface IP from the inside network successfully. What's the problem?
And another small question:
If I use PAT to deal with inside network addresses, can I ping the PAT IP address from the outside network successfully? It appeared I couldn't.
pix(config)# wr t
Building configuration...
: Saved
:
PIX Version 4.4(7)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxx encrypted
passwd xxxxxxxx encrypted
hostname pix
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
logging on
no logging timestamp
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
logging queue 512
interface ethernet0 10full
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 1.1.1.1 255.0.0.0
ip address inside 192.168.1.1 255.255.255.0
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
arp timeout 14400
global (outside) 1 1.1.1.100-1.1.1.200 netmask 255.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
route inside 192.168.0.0 255.255.0.0 192.168.1.2 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 192.168.1.2 255.255.255.255
telnet timeout 5
terminal width 80
Cryptochecksum:xxxxxxxxxxxxxxxx
: end
[OK]
pix(config)#
01-21-2005 02:38 AM
Hi,
You won't be able to ping your outside interface from an inside network, I'm afraid. This is the default behaviour of the PIX. Likewise, you can't ping an inside interface from the outside.
With the global address, I believe you should be able to ping it from the outside (please correct me) as the PIX should proxy ARP for this address.
If I'm correct, then you will need to add something like
icmp permit
Also, the conduit you have in your config allows ICMP to transit your PIX; it will not allow ICMP to the PIX's own interfaces.
For more detail please see the following link
Good Luck
Paddy
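
The distinction drawn in the reply above, as an added example that is not part of the original thread: a Python script that reads an excerpt of the posted configuration and labels a ping by whether it targets one of the PIX's own interfaces, the global pool, or a host beyond the PIX. The function names and labels are hypothetical, and the logic models only what the reply states, not the PIX's actual packet processing.

```python
import ipaddress

# Excerpt of the configuration posted in the question above.
CONFIG = """\
ip address outside 1.1.1.1 255.0.0.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 1.1.1.100-1.1.1.200 netmask 255.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
"""

def parse(config):
    """Return (interface addresses, global pools, has-ICMP-conduit)."""
    ifaces, pools, icmp_conduit = {}, [], False
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) >= 4:
            ifaces[w[2]] = ipaddress.ip_address(w[3])
        elif w[:1] == ["global"] and len(w) >= 4:
            lo, _, hi = w[3].partition("-")
            pools.append((ipaddress.ip_address(lo),
                          ipaddress.ip_address(hi or lo)))
        elif w[:3] == ["conduit", "permit", "icmp"]:
            icmp_conduit = True
    return ifaces, pools, icmp_conduit

def classify_ping(config, arrives_on, dst):
    """Label an echo request by which rule the reply says governs it."""
    ifaces, pools, icmp_conduit = parse(config)
    dst = ipaddress.ip_address(dst)
    for name, addr in ifaces.items():
        if dst == addr:
            # Traffic addressed to the PIX itself: the conduit is not consulted.
            return "own-interface" if name == arrives_on else "far-interface"
    if any(lo <= dst <= hi for lo, hi in pools):
        return "global-pool"
    # Anything else passes through the PIX, which is what the conduit covers.
    return "transit-conduit-permits" if icmp_conduit else "transit-no-conduit"

if __name__ == "__main__":
    for iface, dst in [("inside", "1.1.1.1"), ("outside", "192.168.1.1"),
                       ("inside", "192.168.1.1"), ("outside", "1.1.1.150"),
                       ("inside", "1.1.1.2")]:
        print(f"{iface:8} -> {dst:12} {classify_ping(CONFIG, iface, dst)}")
```

The first case printed is the one from the question: a ping from the inside network to 1.1.1.1 is labelled `far-interface`, so the `conduit permit icmp any any` line has no bearing on it.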