Hi Todd,
Do you have the permit ICMP any any command set? Or permit ICMP echo reply (whatever
your security policy dictates)..
If you have access lists set up I believe these will supersede the permit ICMP
command, so you may need to take a look at them as well..
cheers..
Marc..
>>> Todd <[EMAIL PROTECTED]> 04/20 8:04 AM >>>
I have a DMZ configured on a PIX. In the DMZ there is
an FTP server which is functioning properly. I can ftp
to it from the internal interface and from the external
interface.
My problem is that I cannot start a session from the
FTP server itself. I cannot ping the DNS server
(external w/ ISP). In fact I cannot even ping the
external interface.
My goal is to have virus scan do auto updates.
Here is the relevant config, modified to protect the
innocent:
fixup protocol ftp strict 21
global (dmz1) 1 172.16.3.2-172.16.3.100
nat (dmz1) 1 172.16.3.0 255.255.0.0 0 0
static (inside,outside) w.x.y.z 172.16.1.10 netmask 255.255.255.255 0 0
static (dmz1,outside) a.b.c.d 172.16.3.3 netmask 255.255.255.255 0 0
conduit permit tcp host a.b.c.d eq ftp any
conduit permit tcp host a.b.c.d eq ftp-data any
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]