PIX ping v6.0(1)

 
 
Walter Roberson
      12-11-2003
In article <(E-Mail Removed)>,
aharper <(E-Mail Removed)> wrote:

:I'm having a problem getting ping to get through the PIX for one IP. So
:far as I can tell I've got the statements the same as I do for many
:other IPs that work just fine, but this one isn't working. If I change
:the IPs to something different I still can't get them to work. Not
:sure what's up. Here is what I have...


:access-list acl_out permit icmp any any
:access-list acl_out permit icmp any any echo-reply
:access-list acl_out permit icmp any any unreachable
:access-list acl_out permit icmp any any time-exceeded

Those last 3 are redundant. The first line permits -all- icmp, so
there is no point in permitting other icmp individually.

:access-group acl_out in interface outside

:STATIC STUFF (207.addy's are ISP addy's, 172.addy is for the LAN)...
:static (inside,outside) 207.220.220.35 172.16.1.35 netmask
:255.255.255.255 512 384

:Similar setups for other IPs work just fine. On the outside I can ping
:the 207.220.220.x addy and get replies. This one isn't working.

:alias (inside) 207.220.220.35 192.168.2.35 255.255.255.255
:static (dmz,outside) 207.220.220.35 192.168.2.35 netmask
:255.255.255.255 1024 716
:static (inside,outside) 207.220.220.35 172.16.1.35 netmask
:255.255.255.255 512 384

You are trying to mix 'alias' and 'static' for the same outside IP?
And you are trying to map the same outside IP to two different
interfaces? I wouldn't expect either to work.
--
Cottleston, Cottleston, Cottleston pie.
A bird can't whistle and neither can I. -- Pooh
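
The two overlaps pointed out in the reply above (one outside address claimed by an `alias` and by two `static` commands, and ICMP entries listed after a line that already permits all ICMP) can be checked mechanically. This is an added example, not part of either post and not Cisco tooling; the `lint` function and its regexes are assumptions that handle only the command forms shown in this thread.

```python
import re
from collections import defaultdict

# Configuration lines as posted in the thread (wrapped lines joined).
CONFIG = """\
access-list acl_out permit icmp any any
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any unreachable
access-list acl_out permit icmp any any time-exceeded
access-group acl_out in interface outside
alias (inside) 207.220.220.35 192.168.2.35 255.255.255.255
static (dmz,outside) 207.220.220.35 192.168.2.35 netmask 255.255.255.255 1024 716
static (inside,outside) 207.220.220.35 172.16.1.35 netmask 255.255.255.255 512 384
"""

STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
ALIAS = re.compile(r"^alias \((\w+)\) (\S+) (\S+)")
# Assumption: only the "icmp any any [type]" form from the thread is recognised.
ACL = re.compile(r"^access-list (\S+) (permit|deny) icmp any any(?: (\S+))?$")

def lint(config):
    """Return (kind, detail) findings for the overlaps the reply points out."""
    findings = []
    statics = defaultdict(set)  # (outside_if, global_ip) -> {(real_if, local_ip)}
    aliases = []                # (if_name, first_ip, second_ip)
    broad = set()               # (acl, action) already seen with no ICMP type
    for line in (raw.strip() for raw in config.splitlines()):
        if m := STATIC.match(line):
            real_if, out_if, global_ip, local_ip = m.groups()
            statics[(out_if, global_ip)].add((real_if, local_ip))
        elif m := ALIAS.match(line):
            aliases.append(m.groups())
        elif m := ACL.match(line):
            acl, action, icmp_type = m.groups()
            if icmp_type is None:
                broad.add((acl, action))
            elif (acl, action) in broad:  # an earlier line already matches all ICMP
                findings.append(("redundant-acl", line))
    for (out_if, global_ip), targets in statics.items():
        if len(targets) > 1:  # one global address, several real hosts
            findings.append(("static-conflict", f"{global_ip} on {out_if} -> {sorted(targets)}"))
    static_globals = {ip for _, ip in statics}
    for if_name, ip1, ip2 in aliases:
        for ip in sorted({ip1, ip2} & static_globals):
            findings.append(("alias-static-overlap", f"alias ({if_name}) reuses static global {ip}"))
    return findings

if __name__ == "__main__":
    for kind, detail in lint(CONFIG):
        print(f"{kind}: {detail}")
```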
 
 
 
 
 
aharper
      12-11-2003

I'm having a problem getting ping to get through the PIX for one IP. So
far as I can tell I've got the statements the same as I do for many
other IPs that work just fine, but this one isn't working. If I change
the IPs to something different I still can't get them to work. Not
sure what's up. Here is what I have...

ACCESS-LIST STUFF...
access-list acl_out permit icmp any any
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any unreachable
access-list acl_out permit icmp any any time-exceeded
access-group acl_out in interface outside

STATIC STUFF (207.addy's are ISP addy's, 172.addy is for the LAN)...
static (inside,outside) 207.220.220.35 172.16.1.35 netmask 255.255.255.255 512 384

Similar setups for other IPs work just fine. On the outside I can ping
the 207.220.220.x addy and get replies. This one isn't working. I've
tried adding other statements as well messing around hoping something
would work. Below I'm adding statements to test with the DMZ machines
to see if they can see what I need. The DMZ addy's are 192.blah.

alias (dmz) 192.168.2.35 172.16.1.35 255.255.255.255
alias (inside) 207.220.220.35 192.168.2.35 255.255.255.255
static (dmz,outside) 207.220.220.35 192.168.2.35 netmask 255.255.255.255 1024 716
static (inside,outside) 207.220.220.35 172.16.1.35 netmask 255.255.255.255 512 384
static (inside,dmz) 192.168.2.35 172.16.1.35 netmask 255.255.255.255 512 384

Still no dice. From another machine in the DMZ I'm able to ping
192.168.2.35 and I get replies. Now if only it would work on the
outside. I'm really at a loss since it's working elsewhere. Seems I'm
always having problems with ping, though, and somehow miraculously at
the end it ends up working. Problem is I just don't know what's done
to make it work. Any help is appreciated. TIA.

And

aharper