Take a look at what is actually happening here.  You are assigning a
registered IP address to an inside address to allow outside users to
access that resource.  This means that the node that the outside IP
address refers to is in reality inside your network.   Does it make
sense to send outgoing pings to try to reach something inside your
network?

The ping command you issued translates to "send a ping out the outside
interface to the destination 209.179.179.18."  Two problems here. 
First, from the perspective of the PIX, that IP address is mapped to an
inside resource.  Second, I'm not even sure if the ping would leave the
PIX, but if it did, what's going to happen to it?  The upstream router
would receive a packet sourced from the PIX with a destination that
resides right back out the same interface.  It will route the packet
back to the PIX which will promptly drop it because it drops incoming
ICMP by default.

It looks to me like you have a routing issue, not necessarily a problem
with the configuration in the PIX.  When your users try to reach the
registered address, are their requests leaving your network and then
coming back in, or are they being routed directly to the PIX on the
internal network?  If the latter is the case, it's going to confuse the
issue.

To simplify what I'm trying to ask:  if your users are trying to reach
209.179.179.18, do you have routing in place that will eventually cause
those requests to be incoming on the outside interface of your PIX? 
And, is there a valid return path?  

If users outside of your network can reach 209.179.179.18 but your
internal users can't, then it definitely sounds like you have an
internal routing issue, not necessarily a PIX configuration issue.

Sorry for the rambling.  I just got back from lunch and I need a nap. 
<g>

Regards,
John

>>> "Sam" <[EMAIL PROTECTED]> 3/19/01 1:10:27 PM >>>
If I telnet to a PIX, shouldn't I be able to do the following ping and
get a response when the address entered is a global ip used in a static
command?
I get a no response received message

ping outside 209.179.179.18

Ex.
static (inside,outside) 208.179.179.18 192.168.1.10 netmask 255.255.255.255
conduit permit tcp host 208.179.179.18 eq www any
conduit permit icmp any any

ping outside 209.179.179.18
NO response recieved
NO response recieved
NO response recieved



"Sam" <[EMAIL PROTECTED]> wrote in message
news:995n41$a94$[EMAIL PROTECTED]...
> Hello Group,
> I am having trouble figuring out a small issue with a PIX firewall.  It is
> running ver 4.4(5).
> After entering the appropriate static and conduit (WWW) commands, I tried
> accessing the host from our internal network using the external address and
> I was not able to.  I then tested from a machine that is outside our
> firewall and was able to access the host without any problem.
>
> Is there a command that I am missing in order to let users on our internal
> network access hosts using the external IP addresses?
> Thanks in advance,
> Sam
>
>
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
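
Added example, not part of the thread and not Cisco code: the posted static and conduit lines use 208.179.179.18 while the ping targets 209.179.179.18, so before chasing routing it is worth checking whether the tested address is a static global address at all. The sketch below parses only the command forms shown in the thread; the function names and the CONFIG sample (the thread's lines, unwrapped) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the three configuration lines from the thread, unwrapped.
CONFIG = """\
static (inside,outside) 208.179.179.18 192.168.1.10 netmask 255.255.255.255
conduit permit tcp host 208.179.179.18 eq www any
conduit permit icmp any any
"""

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")
CONDUIT_RE = re.compile(
    r"^conduit (permit|deny) (\w+) (host (\S+)|any)(?: eq (\S+))? (.+)$")


def parse(config):
    """Return (statics, conduits) parsed from the forms shown in the thread."""
    statics, conduits = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            net = ipaddress.ip_network(f"{m[3]}/{m[5]}", strict=False)
            statics.append({"global": net, "local": m[4]})
        elif m := CONDUIT_RE.match(line):
            conduits.append({"action": m[1], "proto": m[2],
                             "global": m[4] or "any", "port": m[5]})
    return statics, conduits


def check_address(config, tested_ip):
    """Report whether tested_ip is a static global and which conduits cover it."""
    statics, conduits = parse(config)
    ip = ipaddress.ip_address(tested_ip)
    local = next((s["local"] for s in statics if ip in s["global"]), None)
    matching = [c for c in conduits
                if c["global"] == "any" or c["global"] == tested_ip]
    # Conduits that name a host with no static translation behind it.
    orphans = [c["global"] for c in conduits if c["global"] != "any"
               and not any(ipaddress.ip_address(c["global"]) in s["global"]
                           for s in statics)]
    return {"tested": tested_ip, "maps_to": local,
            "conduits": [(c["proto"], c["port"]) for c in matching],
            "orphan_conduit_hosts": orphans}


if __name__ == "__main__":
    for addr in ("209.179.179.18", "208.179.179.18"):
        print(check_address(CONFIG, addr))
```

A `maps_to` of `None` means the address tested is not the global side of any static in the supplied configuration, which should be ruled out before looking at the return path.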

