Mikej the problem doesn't seem to be in your access list it is in you ip-ing. With a /30 you are routing to the netid and not the other router.
> ip address outside 192.168.1.6 255.255.255.252 > route outside 0.0.0.0 0.0.0.0 192.168.1.5 1 192.168.1.1 Netid 192.168.1.2 host1 192.168.1.3 host2 192.168.1.4 Broadcast 192.168.1.5 Netid 192.168.1.6 host1 192.168.1.7 host2 192.168.1.8 Broadcast Verify what the other routers ip is. Hope this does it. ~M -----Original Message----- From: Jablonski, Michael [mailto:mike.jablonski@abnamrousa. com] Sent: Thursday, May 23, 2002 10:07 AM To: [EMAIL PROTECTED] Subject: RE: PIX 515E routing issue [7:44749] >From the PIX, i can ping the inside workstations.... I tried adding a permit all icmp rule.... didn't work did the no "ip verify reverse-path statement" and changed the outside network from /30 to a /28. This seemed to work. Thanks for the help!!! cheers, mikej -----Original Message----- From: netman [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 23, 2002 6:53 AM To: [EMAIL PROTECTED] Subject: Re: PIX 515E routing issue [7:44749] Can you ping a system on the inside? >From Pix - ping inside x.x.x.x To: Sent: Wednesday, May 22, 2002 4:14 PM Subject: FW: PIX 515E routing issue [7:44749] > Oh yeah I'm running PIX 6.1(2) > > -----Original Message----- > From: Jablonski, Michael > Sent: Wednesday, May 22, 2002 3:35 PM > To: 'Cisco Study List (E-mail)' > Subject: PIX 515E routing issue > > > Just recently installed a PIX 515E. I can ping from the PIX to an outside > address (and inside box to ethernet on PIX); but trying to ping through the > PIX comes back as unreachable. Basic layout as follows: > > Netopia DSL Router -- PIX 515E -- LAN > > > I'm using the default allow rule, along with the following access list... > everything else is pretty much default for now. (just want to try and get > connectivity) > > access-list 100 permit icmp any any echo-reply > access-list 100 permit icmp any any time-exceeded > access-list 100 permit icmp any any unreachable > pager lines 24 > interface ethernet0 10baset > interface ethernet1 10full > mtu outside 1500 > mtu inside 1500 > ip address outside 192.168.1.6 255.255.255.252 > ip address inside 192.168.200.1 255.255.255.0 > ip verify reverse-path interface outside > ip audit info action alarm > ip audit attack action alarm > arp timeout 14400 > global (outside) 1 interface > nat (inside) 1 0.0.0.0 0.0.0.0 0 0 > access-group 100 in interface outside > route outside 0.0.0.0 0.0.0.0 192.168.1.5 1 > timeout xlate 0:05:00 > no sysopt route dnat> > I've tried running RIP on it; didn't solve the problem. Seems like the PIX > doesn't understand the default route. I've cleared the arp table still no > luck.... > Any help is GREATLY appreciated.... > thanx > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Michael Jablonski > ABN AMRO Asset Management Holdings, Inc. > 161 North Clark St. > 9th Flr > Chicago, IL 60601-2468 > PH: 312.884.2996 > FAX: 312.278.5550 > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > ------------------------------------------------------------------------ > This message (including any attachments) is confidential and may be > privileged. If you have received it by mistake please notify the sender > by return e-mail and delete this message from your system. Any > unauthorized use or dissemination of this message in whole or in part > is strictly prohibited. Please note that e-mails are susceptible to > change. ABN AMRO Bank N.V. (including its group companies) shall not be > responsible nor liable for the proper and complete transmission of the > information contained in this communication nor for any delay in its > receipt or damage to your system. ABN AMRO Bank N.V. (or its group > companies) does not guarantee that the integrity of this communication > has been maintained nor that this communication is free of viruses, > interceptions or interference. > ------------------------------------------------------------------------ This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V. (including its group companies) shall not be responsible nor liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. ---------------------------------------------------------------------- -- Message Posted at: http://www .groupstudy.com/form/read.php?f=7&i=44829&t=44749 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/li st/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44838&t=44749 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
