pix, ping and nat-control

Discussion in 'Cisco' started by mstelles@gmail.com, Mar 22, 2006.

  1. Guest

    Hi.

    Im trying to let ping pass from one interface to another, with
    nat-control disabled.

    I created ACLs like these
    access-list OUTSIDE line 1 extended permit icmp host <host A> host <pix
    interface>
    Then, I tried the command "icmp permit any"

    After all this work and searchs with no success, I tried to configure
    an inspect for icmp.

    The icmp pkgs goes through the ACL OUTSIDE.

    Any clues?

    Thanks in advance.
    , Mar 22, 2006
    #1
    1. Advertising

  2. In article <>,
    <> wrote:
    >Im trying to let ping pass from one interface to another, with
    >nat-control disabled.


    >I created ACLs like these
    >access-list OUTSIDE line 1 extended permit icmp host <host A> host <pix interface>


    That looks like a 7.x configuration. It helps if you state
    which PIX version you are running.

    What exactly are you trying to ping? If you are trying to
    ping an interface on the PIX itself which is not the "closest"
    interface, then you cannot do that in 6.x; I don't know about 7.x.

    If you are trying to ping a host "beyond" a PIX interface,
    with the intention that you address the packets to the PIX
    interface IP and that it would forward the packets to
    an inside host, then you cannot do that in 6.x because 6.x
    has no way of configuring icmp forwarding for the interface IP.
    I don't know if 7.x does.

    If you are trying to ping a host "beyond" a PIX interface
    and that host is to be addressed by its internal IP
    (as you mentioned nat having been disabled) then the
    target IP you would want in the access-list would be the
    internal IP of the target.
    Walter Roberson, Apr 1, 2006
    #2
    1. Advertising

  3. NETADMIN Guest

    What exactly you are trying to ask?
    And give us full description which PIX IOS are you using with Model.
    NETADMIN, Apr 2, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Oleg Tipisov

    PIX Policy NAT: order of NAT commands

    Oleg Tipisov, Aug 12, 2004, in forum: Cisco
    Replies:
    4
    Views:
    8,775
    Walter Roberson
    Aug 13, 2004
  2. Jose
    Replies:
    3
    Views:
    1,943
  3. Matthew Melbourne
    Replies:
    2
    Views:
    7,340
    Matthew Melbourne
    Feb 12, 2005
  4. B Squared
    Replies:
    1
    Views:
    5,031
    chris
    Aug 11, 2006
  5. Terry Cole
    Replies:
    0
    Views:
    395
    Terry Cole
    Jan 18, 2007
Loading...

Share This Page