hehe...it let him say anal and I couldn't put in P I X S H O T I N T H E
D A R K without being filtered ;)
Technology never ceases to amaze/amuse me ;)
----- Original Message -----
From: "Jonathan Hays"
To:
Sent: Monday, June 11, 2001 3:47 PM
Subject: Re: PIX static address translation question [7:8031]
> Gary,
>
> Let me be a bit anal here and clarify the situation.
>
> "on a subnet local to the firewall" - on the inside subnet, I assume? (To be
> picky, both the inside and outside subnets are local.)
>
> To be completely clear about this, you are saying that you can ping from a
> router/host outside the PIX (on the Internet or the outside subnet) to a
> server on the inside subnet, correct?
>
> "need to get it working with a router between the server and firewall"
>
> Where is the router mentioned in this statement? Outside subnet? Inside
> subnet? If you have the situation below
>
> Internet--outside intfc-PIX-inside intfc--router X--subnet X
>
> you will need a PIX static route to subnet X, but I believe you said you
> took care of that, right?
>
> If you can ping the inside subnet interface of router X from the outside,
> but you cannot ping hosts on subnet X then this could be an access list
> problem on router X or a routing table problem with router X or maybe even
> hosts on subnet X don't have a default gateway configured.
>
> Hope this helps,
>
> Jonathan
>
> Gary Crouch wrote:
>
> > the conduit permit icmp any any is applied
> > I have several servers with conduits applied on a subnet local to the
> > firewall
> > and can ping and access them with no problems from the outside.
> > just need to get it working with a router between the server and
> > firewall.
> >
> > >>> [EMAIL PROTECTED] 06/11/01 12:27PM >>>
> > Gary,
> >
> > To ping through the PIX firewall make sure you have the "conduit permit
> > icmp any any"
> > applied (or if you have a newer PIX OS you can use the "access-list"
> > command).
> >
> > See
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm
> >
> > -Jonathan
> >
> > Gary Crouch wrote:
> >
> > > we have servers hosted at an ISP and have a back port connection
> > > and would like to give a client access through our back port using one of
> > > our external IP addresses. I have configured a static address translation
> > > for the external IP address
> > > and added a route for the internal address. I can ping the internal
> > > address from the PIX
> > > but can not ping the server with the external address from outside.
> > > do the static and conduit commands work when there is a router between
> > > the server?
> > > is there a way to make this work?
> > >
> > > Thanks for your help
> --
> Jonathan Hays
> Director of Professional Services
> Acropolis Systems, Inc.
> (408) 935-3016
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8060&t=8031
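
The topology sketched in the quoted reply (Internet--outside intfc-PIX-inside intfc--router X--subnet X), written out as an added configuration example; it is not taken from the thread or from either poster's devices. All addresses are constructed (192.0.2.10 stands in for the external address), router X is assumed to run Cisco IOS, and the lines starting with "!" are annotations, not commands to paste.

```cisco
! --- PIX, conduit-era syntax as referred to in the thread ---
! Constructed addressing:
!   PIX inside interface        10.1.10.1/24
!   router X, PIX-facing side   10.1.10.2
!   router X, subnet X side     10.1.20.1
!   server on subnet X          10.1.20.5   (subnet X = 10.1.20.0/24)
!   external (translated) addr  192.0.2.10

! Map the external address to the server behind router X
static (inside,outside) 192.0.2.10 10.1.20.5 netmask 255.255.255.255 0 0

! Subnet X is not directly connected, so the PIX needs a route via router X
route inside 10.1.20.0 255.255.255.0 10.1.10.2 1

! Broad rule quoted in the thread, fine for a quick test:
!   conduit permit icmp any any
! Narrower form: echo requests only, and only to the translated server
conduit permit icmp host 192.0.2.10 any echo

! Checks on the PIX: translation, route and conduit present, server reachable
show static
show route
show conduit
ping inside 10.1.20.5

! --- Router X (Cisco IOS assumed) ---
! Replies to outside sources must be routed back through the PIX
ip route 0.0.0.0 0.0.0.0 10.1.10.1

! Checks on router X: return route present, no access list dropping ICMP
show ip route
show ip access-lists

! --- Server 10.1.20.5 ---
! Default gateway must be router X's subnet X interface (10.1.20.1 here)
```

If the PIX can ping 10.1.20.5 but outside hosts cannot ping 192.0.2.10, the remaining items from the reply above are the ones to check: router X's access lists, its return route, and the server's default gateway.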