I no use syslog. I have this configuration in my pix:
nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 real security10 interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto ip address outside x.y.z.130 255.255.255.192 ip address inside 10.10.10.1 255.255.255.0 ip address real q.w.r.1 255.255.255.0 global (outside) 1 a.b.c.1-a.b.c.253 netmask 255.255.255.0 global (outside) 1 a.b.c.254 netmask 255.255.255.0 nat (inside) 1 10.10.10.0 255.255.255.0 0 0 nat (real) 0 q.w.r.5 255.255.255.255 0 0 nat (real) 0 q.w.r.6 255.255.255.255 0 0 nat (real) 0 q.w.r.7 255.255.255.255 0 0 conduit permit icmp any any conduit permit tcp any range 1024 65535 any conduit permit udp any range 1024 65535 any Thanks for your help me. On Wed, 2002-01-09 at 13:11, bob bobing wrote: > Well you left out some info. first off what are the > security levels for ethernet2, and ethernet 3. Are you > using syslog? what is the pix logging when you try the > ping that fails? > Also can you show all nat, global, and static rules > for eth2, and eth3. > --- Johnny Gonzalez <[EMAIL PROTECTED]> wrote: > > Hi. > > > > I have pix 525 with 4 ethernets. > > > > 1 ethernet= inside (10.10.10.1/24) > > 2 ethernet= real (IP internet z.x.w.q/24) > > 3 ethernet= outside (IP internet a.b.c.d/24) > > > > route default is a.b.c.x > > > > I have the next rules: > > > > conduit permit icmp any any > > nat (real) 0 z.x.w.r 255.255.255.255 > > > > > > the ethernet real is inside of my LAN: > > > > Internet-------outside----real&inside-----LAN > > > > The clients have ip 10.10.10.x and z.x.w.r/24 > > > > The clients no problem to internet. > > > > But I no see pings from 10.10.10.x to z.x.w.r/24 > > > > I see pings from internet to z.x.w.r/24 > > > > Whats is the problem?? > > > > > > Thanks for your help me. > > > > > > > > -- > > Johnny Gonzalez Dominguez > > Ingenieria de Software > > Telecable Morelos > > Cuernavaca, Morelos > > Tel. (52)(777)3292475 > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > ICQ #75046976 > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > __________________________________________________ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls -- Johnny Gonzalez Dominguez Ingenieria de Software Telecable Morelos Cuernavaca, Morelos Tel. (52)(777)3292475 [EMAIL PROTECTED] [EMAIL PROTECTED] ICQ #75046976 _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
