Ping PIX inside interface through VPN

Discussion in 'Cisco' started by Leigh Harrison, Jun 17, 2005.

  1. All,

    I have problem trying to ping a pix. Situation is this:-

    192.168.1.x - network
    192.168.1.6 - pix 1 inside address
    pix 1 outside address
    internet
    pix 2 outside address
    192.168.9.6 - pix 2 inside address
    192.168.9.x - network

    vpn tunnel set up through the interweb.

    All services are up and working. All traffic passes back to head office
    , to use proxy servers, etc.
    Local hosts can ping the pix inside addresses.
    Remote hosts can ping eachother, but not the remote inside address.
    i.e, 192.168.1.10 can ping 192.168.9.10 (host), but not 192.168.9.6 (pix)
    pix 1 is running 6.1
    pix 2 is running 6.0

    I have tried:-
    icmp permit inside any
    icmp permit outside any
    access-list xx permit icmp any 192.168.9.0 255.255.255.0
    access-group xx in interface outside

    I've done debug icmp trace and it see's the icmp packets coming in, it
    just doesn't respond to them.

    Am I missing something simple? Any ideas?

    Best regards,
    Leigh
     
    Leigh Harrison, Jun 17, 2005
    #1
    1. Advertising

  2. In article <iHwse.18645$>,
    Leigh Harrison <[SPAM]> wrote:
    :I have problem trying to ping a pix. Situation is this:-

    :Remote hosts can ping eachother, but not the remote inside address.

    :Am I missing something simple? Any ideas?

    You can't do that with PIX 6.x, except through a tunnel which
    is defined as a management access tunnel. Note: such tunnels
    cannot be used to reach -through- the PIX, just -to- the PIX.

    The general rule with PIX 6.x is that you can only ping the
    "closest" interface. Management tunnels are an exception to that.
    --
    This signature intentionally left... Oh, darn!
     
    Walter Roberson, Jun 17, 2005
    #2
    1. Advertising

  3. Leigh Harrison

    bbiandov

    Joined:
    Sep 24, 2006
    Messages:
    14
    not accurate

    have that running just fine with IOS 6

    just add:

    management-access inside

    and that will do it

    ~B
     
    Last edited: Mar 13, 2009
    bbiandov, Mar 13, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. eugene123
    Replies:
    4
    Views:
    2,730
    Mark Smythe
    Sep 25, 2003
  2. jonnah
    Replies:
    1
    Views:
    1,349
    mcaissie
    Apr 21, 2004
  3. Gianlu
    Replies:
    4
    Views:
    10,045
    Gianlu
    Jun 16, 2004
  4. marti314
    Replies:
    1
    Views:
    2,152
    Walter Roberson
    Aug 5, 2005
  5. GNY
    Replies:
    0
    Views:
    767
Loading...

Share This Page