Pinging the Pix interface itself is not controlled by access lists. You need
to use "icmp deny any outside".
If your Pix doesn't allow the command, your image is too old for it. I can't
remember exactly when it came in. The fact that you're using conduits
suggests your Pix may have been there for a while?
If you want to ping out, just use "conduit permit icmp any any echo-reply".

Use some logging to work out what's getting dropped:

logging on
logging console 4  (or 5)


Regards,

Gaz




"Parmjit" wrote in message news:[EMAIL PROTECTED]...
> hi,
> Thanks I tried "static (inside,outside) tcp interface ftp armada ftp netmask
> 255.255.255.255 10 0" where armada is the name of the internal ftp server, I
> also used a conduit permit ip any any and I still can't ftp to it.
> I should also mention there is another problem unless I use a conduit permit
> icmp any any I cannot ping out, if I prefix this with a "no" so I can't
> ping, people on the net can still ping my pix, there is nothing in the
> config in the way of access lists etc. Having read the section in the book a
> pix by default should allow internal users to ping out but not the other way
> around, is there a fix for this also?
>
> thanks
>
> "brian charles" wrote in message news:[EMAIL PROTECTED]...
> > If you have version 6.0 or greater you can do port redirection with the
> > static command. Create an ACL to allow the traffic.
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/cmd_ref/s.htm#xtocid20
> >
> > static
> > Maps a local IP address to a global IP address (NAT) and supports TCP and
> > UDP port redirection (static PAT). (Configuration mode.)
> >
> > [no] static [(internal_if_name, external_if_name)] {tcp | udp} {global_ip |
> > interface} global_port local_ip local_port [netmask mask] [max_conns
> > [em_limit]] [norandomseq]
> >
> > show static




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45988&t=45945