Zim,
If you want, send me the config direct. I suspect that since you can ping,
that either the conduit or NAT config is incorrect and that routing is fine.
Here's some things to check.
Check the security level on the interfaces, Outside should be Sec0, and the
Inside - Sec100.
Does your NAT pool and static NAT's overlap?
Is this inbound HTTP or outbound? On inbound, sometimes you need routes in
the Inet. router that make the PIX the next hop for the IP's staticlly
NAT'ed.
When you "show xlate" do you see the entry for yourself appear in the table?
Any access-lists?
In many cases the PIX's syntax is backwards compared to the rest of Cisco's
product line, so double check your conduits (destination first, source
second), NAT, Aliases, etc.
Rodgers Moore, CCDP, CCNP-Security
"ZIM" wrote in message <8f6npg$13b$[EMAIL PROTECTED]>...
>Back to PIX again and now I am receiving the message below. I did opened a
>conduit using the "conduit permit icmp any any" and "conduit permit icmp
any
>any exceed" however the problem persist. My xlate settings are back to the
>default. Any ideas??? And I can ping from within the router in all
>directions.
>
>
>When using the "debug icmp trace" command I recieve the folowing; Inbound
>ICMP time exceeded (code 0)
>
>Note however, that I can also ping through the PIX however http traffic is
>non functional - the http protocol was enabled using the fixup command.
>
>Also, currently we have a managed (poorly I might add) 2501 router running
>IOS 11.1
>
>Thanks,
>
>Zim
>
>
>
>
>___________________________________
>FAQ, list archives, and subscription info: http://www.groupstudy.com
>Posting Guidelines: http://www.groupstudy.com/list/guide.html
>---
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
