PIX, inside interface drops return ping packets HELP.

Discussion in 'Cisco' started by ^shadow^, May 14, 2010.

  1. ^shadow^

    ^shadow^

    Joined:
    May 13, 2010
    Messages:
    1
    Hi all, I have a problem with pinging outside
    Current lab

    R1 ----PIX----R2

    R1 is on outside interface
    R2 is on inside interface

    IP R1 e0/0 = 82.111.43.1
    IP R2 e0/0 = 10.1.5.2
    PIX IP

    Inside = 10.1.5.3
    Outside = 82.111.43.3

    Current access-lists on PIX(yes I just want to see what’s happing here, so gave the hell to come loose)

    access-list 100 permit ip 10.1.5.0 255.255.255.0 any
    access-list 100 permit tcp 10.1.5.0 255.255.255.0 any
    access-list 100 permit udp 10.1.5.0 255.255.255.0 any
    access-list 100 permit icmp 10.1.5.0 255.255.255.0 any
    access-list 100 permit icmp 10.1.5.0 255.255.255.0 any echo
    access-list 100 permit ip any 10.1.5.0 255.255.255.0
    access-list 101 permit ip 10.1.5.0 255.255.255.0 any

    access-g 100 in int inside

    IP route outside 0 0 82.111.43.3
    IP route inside 0 0 10.1.5.3

    Nat translation (PAT)

    Nat (inside) 1 0 0
    Global (outside) 1 82.111.43.4 netmask 255.255.255.255

    R2 pinging the outside interface from R1

    Deb IP Packet det

    02:53:54: IP: s=82.111.43.4 (Ethernet0/0), d=82.111.43.1 (Ethernet0/0), len 100, rcvd 3
    02:53:54: ICMP type=8, code=0
    02:53:54: ICMP: echo reply sent, src 82.111.43.1, dst 82.111.43.4
    02:53:54: IP: s=82.111.43.1 (local), d=82.111.43.4 (Ethernet0/0), len 100, sending
    02:53:54: ICMP type=0, code=0









    R2#ping 10.1.4.1

    03:53:28: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 100, sending
    03:53:28: ICMP type=8, code=0
    03:53:30: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 100, sending
    03:53:30: ICMP type=8, code=0
    03:53:32: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 100, sending
    03:53:32: ICMP type=8, code=0
    03:53:34: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 100, sending
    03:53:34: ICMP type=8, code=0
    03:53:36: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 100, sending
    03:53:36: ICMP type=8, code=0


    And on PIX I get this (be aware this is a v635)

    271: ICMP echo-request: translating inside:10.1.5.2/5414 to outside:82.111.43.4/15
    272: ICMP echo-reply from outside:82.111.43.1 to 82.111.43.4 ID=15 seq=5294 length=80
    273: ICMP echo-request from inside:10.1.5.2 to 82.111.43.1 ID=5415 seq=5294 length=80
    274: ICMP echo-request: translating inside:10.1.5.2/5415 to outside:82.111.43.4/16
    275: ICMP echo-reply from outside:82.111.43.1 to 82.111.43.4 ID=16 seq=5294 length=80
    276: ICMP echo-request from inside:10.1.5.2 to 82.111.43.1 ID=5416 seq=5294 length=80
    277: ICMP echo-request: translating inside:10.1.5.2/5416 to outside:82.111.43.4/17
    278: ICMP echo-reply from outside:82.111.43.1 to 82.111.43.4 ID=17 seq=5294 length=80
    279: ICMP echo-request from inside:10.1.5.2 to 82.111.43.1 ID=5417 seq=5294 length=80
    280: ICMP echo-request: translating inside:10.1.5.2/5417 to outside:82.111.43.4/18
    281: ICMP echo-reply from outside:82.111.43.1 to 82.111.43.4 ID=18 seq=5294 length=80
    282: ICMP echo-request from inside:10.1.5.2 to 82.111.43.1 ID=5418 seq=5294 length=80
    283: ICMP echo-request: translating inside:10.1.5.2/5418 to outside:82.111.43.4/19
    284: ICMP echo-reply from outside:82.111.43.1 to 82.111.43.4 ID=19 seq=5294 length=80



    Any help everyone, at least point me in to the right direction

    If you want the config let me know by the way I can telnet to port 80 though
    R2#telnet 82.111.43.1 80
    Trying 82.111.43.1, 80 ... Open
    ?HTTP/1.0 400 Bad Request
    Date: Mon, 01 Mar 1993 03:08:47 UTC
    Content-type: text/html
    Expires: Thu, 16 Feb 1989 00:00:00 GMT

    <H1>400 Bad Request</H1>



    [Connection to 82.111.43.1 closed by foreign host]
    R2#
    03:56:06: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 44, sending
    03:56:06: TCP src=11011, dst=80, seq=2286751334, ack=0, win=4128 SYN
    03:56:07: IP: s=82.111.43.1 (Ethernet0/0), d=10.1.5.2 (Ethernet0/0), len 44, rcvd 3
    03:56:07: TCP src=80, dst=11011, seq=3731103664, ack=2286751335, win=4128 ACK SYN
    03:56:07: IP: s=10.1.5.2 (local), d=82.111.43.1 (Ethernet0/0), len 40, sending
    ^shadow^, May 14, 2010
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. eugene123
    Replies:
    4
    Views:
    2,668
    Mark Smythe
    Sep 25, 2003
  2. jonnah
    Replies:
    1
    Views:
    1,160
    mcaissie
    Apr 21, 2004
  3. Gianlu
    Replies:
    4
    Views:
    9,880
    Gianlu
    Jun 16, 2004
  4. Al
    Replies:
    1
    Views:
    724
  5. marti314
    Replies:
    1
    Views:
    2,088
    Walter Roberson
    Aug 5, 2005
Loading...

Share This Page