You can use the same ip address on the outside as yoru global statement...
But unless you are allowing icmp on the inside and the outside interface, a
ping will not go through...
A statement like this would be in order.
access-list inside permit icmp any any
access-list outside permit icmp any any
(this is bad juju and not recommended)
remember you also have to have an access group for each interface you want
to ACL.
So something along these lines would work
access-group inside in interface inside
access-group outside in interface outside
-Patrick
>>> "cheekin" 08/08/01 09:27AM >>>
I think you will need to give a different range of IP address for the global
statement. The global statement and the outside interface are using the
same ip address.
I also think that the route inside statement is not necessary in this case.
You can use sh route to display the routing table.
PIX gurus, correct me if I am wrong.
cheekin
----- Original Message -----
From: "Pierre-Alex"
To:
Sent: Wednesday, August 08, 2001 11:34
Subject: Can't ping outside of PIX [7:15205]
> I have spent the all day on the problem below and I still can't see what I
> did wrong.
>
> Can you help?
>
> The PC can ping the inside ip address of the firewall
> The Firewall can ping the default-gateway and anything on the Internet
> But I cannot get the PC to ping the outside IP address of the firewall
> (208.136.247.214)
> or anything outside like (206.26.90.8).
>
>
> |PC|(1)----------(2)|PIX|(3)-----------------(4)--DSL MODEM
>
> PC (1): ip address 10.1.1.12
> subnet mask: 255.255.255.0
> default gateway: 10.1.1.10
>
> PIX (2): ip adddress 10.1.1.10
> subnet mask: 255.255.255.0
>
> PIX (3i ip address 208.136.247.214
> subnet mask: 255.255.255.0
>
> DSL MODEM (4): ip address 208.136.247.1
> subnet mask: 255.255.255.0
>
>
>
> PIX Version 4.0.7
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd kIQggKv8.UiICW/r encrypted
> hostname pixfirewall
> failover
> names
> syslog output 20.3
> no syslog console
> interface ethernet outside 10baset
> interface ethernet inside 10baset
> ip address inside 10.1.1.10 255.255.255.0
> ip address outside 208.136.247.214 255.255.255.0
> arp timeout 14400
> global 1 208.136.247.214-208.136.247.214
> nat 1 0.0.0.0 0.0.0.0
> age 10
> no rip outside passive
> no rip outside default
> no rip inside passive
> no rip inside default
> route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
> route inside 0.0.0.0 0.0.0.0 10.1.1.12
> timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
> no snmp-server location
> no snmp-server contact
> mtu outside 1500
> mtu inside 1500
> : end
> [OK]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15283&t=15205
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
