PIXes, at least with previous releases, are highly directional in nature and will apply a different set of rules depending on the origin of the traffic. For example, traffic originating on an 'inside' interface is subject to far fewer restrictions, by default, whereas traffic originating on the outside is blocked by default. As has already been mentioned, ICMP has another set of rules that need to be dealt with in addition to the usual rules.
John

>>> Wilmes, Rusty 7/16/03 11:31:51 AM >>>
I'd think that if it was an access list that it would either work or not work but NOT not work until you try it from the other side.

-----Original Message-----
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 8:23 PM
To: [EMAIL PROTECTED]
Subject: Re: do you know why? [7:72352]

I'm not very familiar with the newer releases of PIX software, but do you have to enable ICMP on those interfaces? It looks to me like you only have ICMP allowed going one direction. This is a very common problem and easily fixed. Also, if something is being blocked it should be apparent from the logs why it was blocked.

HTH,
John

----- Original Message -----
From: "Vajira Wijesinghe"
To:
Sent: Tuesday, July 15, 2003 4:23 PM
Subject: do you know why? [7:72352]

> I have a PIX firewall and I have a strange problem.
> If any one of you have come across this, please let me know the solution.
>
> I have a few servers at both sides of the PIX,
> e.g. Server-A at Outside zone and Server-B at Inside zone.
>
> 1. When I ping from Server-B to Server-A, I get request timeout.
> 2. Now I go to Server-A and start a ping to Server-B. It works fine.
> 3. Then again I go back to Server-B to ping to Server-A, and now it
> starts pinging!!!
>
> Can anyone of you explain this???
> I need to get this thing resolved and straight away ping from B to A.
> Thanks.