PIX issue

Discussion in 'Cisco' started by Ned, Apr 6, 2006.

  1. Ned

    Ned Guest

    Hello - can anyone spot the problem with my PIX config? I have a PC on
    the inside interface and I can PING it OK from the Internet. I also
    have a machine on the DMZ but cannot get response to PINGs. The NATting
    appears OK. Maybe someone already solved this one before - here's
    hoping anyway.
    TIA,Ned


    Sucessful PING to Good-PC

    1216: Outbound ICMP echo reply (len 32 id 1973 seq 19969) Good-PC >
    123.1.1.111 > 10.10.200.111
    1217: Inbound ICMP echo request (len 32 id 1973 seq 20225) 10.10.10.1
    > 123.1.1.111 > Good-PC

    1218: Outbound ICMP echo reply (len 32 id 1973 seq 20225) Good-PC >
    123.1.1.111 > 10.10.200.111
    1219: Inbound ICMP echo request (len 32 id 1973 seq 20481) 10.10.10.1
    > 123.1.1.111 > Good-PC


    static (inside,outside) 123.1.1.111 Good-PC netmask 255.255.255.255 0 0

    ********************
    Failed PING to BAD_PC

    1224: Inbound ICMP echo request (len 32 id 45975 seq 21249) 10.10.10.1
    > 123.1.1.120 > BAD_PC

    1225: Inbound ICMP echo request (len 32 id 45975 seq 21505) 10.10.10.1
    > 123.1.1.120 > BAD_PC

    1226: Inbound ICMP echo request (len 32 id 45975 seq 21761) 10.10.10.1
    > 123.1.1.120 > BAD_PC


    static (DMZ,outside) 123.1.1.120 BAD_PC netmask 255.255.255.255 0 0

    access-list DMZ_inside permit tcp any any (hitcnt=0)
    access-list DMZ_inside permit icmp any any (hitcnt=0)
    access-list DMZ_inside permit ip any any (hitcnt=0)
    access-list DMZ_inside permit tcp any object-group DMZ_Network eq www

    access-list inside-out permit ip any any
    access-list outside-in permit icmp any any (hitcnt=984)

    *************************
    access-group outside-in in interface outside
    access-group inside-out in interface inside
    access-group DMZ_inside in interface DMZ
    *********************************

    ip address outside 123.1.1.1 255.255.255.0
    ip address inside 172.1.0.25 255.255.0.0
    ip address DMZ 192.168.1.1 255.255.255.0
    ******************************
     
    Ned, Apr 6, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    8
    Views:
    1,357
  2. the pez lover

    inspiron 8200 video issue and hd issue

    the pez lover, Feb 5, 2007, in forum: Computer Support
    Replies:
    1
    Views:
    1,007
    the pez lover
    Feb 5, 2007
  3. Skybuck Flying
    Replies:
    0
    Views:
    1,009
    Skybuck Flying
    Apr 7, 2007
  4. Michelle J W

    Cisco PIX to PIX VPN issue

    Michelle J W, Mar 19, 2008, in forum: Cisco
    Replies:
    1
    Views:
    1,492
    networkzman
    Mar 20, 2008
  5. Scooty
    Replies:
    0
    Views:
    805
    Scooty
    Jun 14, 2008
Loading...

Share This Page