Attn: Walter

Discussion in 'Cisco' started by Rob, Oct 19, 2004.

  1. Rob

    Rob Guest

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cl3akc$6lj$...
    > In article <41752ae4$>, Rob <> wrote:
    > :I am configuring a 515e (6.3) and having problem with enabling ping.
    > :I have added:
    > :icmp permit any echo outside
    > :icmp permit any echo-reply outside
    > :icmp permit any echo inside
    > :icmp permit any echo-reply inside
    >
    > Those control what icmp is permitted to the PIX itself and have
    > nothing to do with what is permitted *through* the PIX.
    >
    > :conduit permit icmp any any
    >
    > That permits all inbound icmp, I think.
    >
    >
    > :However still ping doesnt work, (Firewall, Internet access works fine),

    does
    > :anyone know how to enable ping on this box.
    >
    > Do you have access controls applied to your inside interface? If so
    > then my thought is that you aren't allowing the outbound icmp echo
    > packets needed for ping.
    >
    > If you do not have access controls applied to your inside interface,
    > then I cannot help you any further. The 'conduit' command was
    > deprecated as of PIX 5.2.1, and will not be available in the
    > next major software release, the now late PIX 7.0. Cisco indicates
    > in the release notes that conduit is broken in some cases, and that
    > as of PIX 6.2.1 there are known problems with conduit which will
    > not be fixed. It is thus my policy not to assist in debugging
    > configurations that have 'conduit' commands in them: there is,
    > to my mind, no point in spending time trying to figure out why
    > the configuration might be failing when the problem might be
    > a PIX bug.
    >
    > If you revise your configuration to use purely the access-list/
    > access-group model and the problem still occurs, then we are
    > more likely to be able to help you.
    > --
    > This is not the same .sig the second time you read it.



    I removed the condu and added access-list, however still cannot ping the
    outside.

    PIX(config)# access-list 120 permit icmp any any
    PIX(config)# access-gro 120 in inter outs
    PIX(config)# access-gro 120 in inter insi
    Thanks again-Rob
    Rob, Oct 19, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. BitBucket

    Walter Roberson...HELP!

    BitBucket, Oct 21, 2003, in forum: Cisco
    Replies:
    5
    Views:
    477
    Mike Gallagher
    Oct 23, 2003
  2. Jem Berkes

    Attn: Walter Roberson

    Jem Berkes, Dec 12, 2004, in forum: Cisco
    Replies:
    1
    Views:
    461
    Walter Roberson
    Dec 12, 2004
  3. Ivan Ostreš
    Replies:
    3
    Views:
    434
    Hansang Bae
    Mar 10, 2005
  4. Richard Graves

    A question for Walter :-)

    Richard Graves, Apr 24, 2005, in forum: Cisco
    Replies:
    0
    Views:
    364
    Richard Graves
    Apr 24, 2005
  5. Barret Bonden

    walter , did I do this right ?

    Barret Bonden, Jul 13, 2005, in forum: Cisco
    Replies:
    1
    Views:
    386
    Walter Roberson
    Jul 13, 2005
Loading...

Share This Page