The way I understood his question was he couldn't ping outbound. You can
ping outbound by default if you are using NAT. Inbound ping definitely
requires access-list or conduits. But outbound works...everything works
outbound.
----- Original Message -----
From: "Farhan Ahmed"
To: "'Allen May'" ;
Sent: Wednesday, August 08, 2001 11:18 AM
Subject: RE: Can't ping outside of PIX [7:15205]
>
> u cannot ping until
>
> u put
>
> conduit permit statements
>
>
>
>
> -----Original Message-----
> From: Allen May [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 08, 2001 6:29 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Can't ping outside of PIX [7:15205]
>
>
> Looks ok to me but I tend to agree with cheekin. Try subnetting to a .128
> to divide your IP range in 2 so you have half for the global range and
half
> for the equipment on the LAN. If nothing else, just to see if that
> eliminates your problem for troubleshooting purposes.
>
>
> ----- Original Message -----
> From: "cheekin"
> To:
> Sent: Wednesday, August 08, 2001 8:27 AM
> Subject: Re: Can't ping outside of PIX [7:15205]
>
>
> > I think you will need to give a different range of IP address for the
> global
> > statement. The global statement and the outside interface are using the
> > same ip address.
> >
> > I also think that the route inside statement is not necessary in this
> case.
> > You can use sh route to display the routing table.
> >
> > PIX gurus, correct me if I am wrong.
> >
> >
> > cheekin
> >
> > ----- Original Message -----
> > From: "Pierre-Alex"
> > To:
> > Sent: Wednesday, August 08, 2001 11:34
> > Subject: Can't ping outside of PIX [7:15205]
> >
> >
> > > I have spent the all day on the problem below and I still can't see
what
> I
> > > did wrong.
> > >
> > > Can you help?
> > >
> > > The PC can ping the inside ip address of the firewall
> > > The Firewall can ping the default-gateway and anything on the Internet
> > > But I cannot get the PC to ping the outside IP address of the firewall
> > > (208.136.247.214)
> > > or anything outside like (206.26.90.8).
> > >
> > >
> > > |PC|(1)----------(2)|PIX|(3)-----------------(4)--DSL MODEM
> > >
> > > PC (1): ip address 10.1.1.12
> > > subnet mask: 255.255.255.0
> > > default gateway: 10.1.1.10
> > >
> > > PIX (2): ip adddress 10.1.1.10
> > > subnet mask: 255.255.255.0
> > >
> > > PIX (3i ip address 208.136.247.214
> > > subnet mask: 255.255.255.0
> > >
> > > DSL MODEM (4): ip address 208.136.247.1
> > > subnet mask: 255.255.255.0
> > >
> > >
> > >
> > > PIX Version 4.0.7
> > > enable password 8Ry2YjIyt7RRXU24 encrypted
> > > passwd kIQggKv8.UiICW/r encrypted
> > > hostname pixfirewall
> > > failover
> > > names
> > > syslog output 20.3
> > > no syslog console
> > > interface ethernet outside 10baset
> > > interface ethernet inside 10baset
> > > ip address inside 10.1.1.10 255.255.255.0
> > > ip address outside 208.136.247.214 255.255.255.0
> > > arp timeout 14400
> > > global 1 208.136.247.214-208.136.247.214
> > > nat 1 0.0.0.0 0.0.0.0
> > > age 10
> > > no rip outside passive
> > > no rip outside default
> > > no rip inside passive
> > > no rip inside default
> > > route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
> > > route inside 0.0.0.0 0.0.0.0 10.1.1.12
> > > timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
> > > timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
> > > no snmp-server location
> > > no snmp-server contact
> > > mtu outside 1500
> > > mtu inside 1500
> > > : end
> > > [OK]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15331&t=15205
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
