You need an access-list for the inside interface to allow icmp. I noticed
you have access list 100 bound to outside, so that will allow incoming pings.
You need one like it for inside.

Allen May

----- Original Message -----
From: "Mike Peterson" 
To: 
Sent: Thursday, May 17, 2001 11:21 AM
Subject: Need some help with ping on PIX [7:4859]


> Hi, I am trying to allow ping through my PIX firewall, from any
> workstation on my inside network to any workstation outside the firewall.
> I also cannot ping my internet router. This is just a simulated network.
>
> PC1-------|172.31.2.100    209.165.201.3      209.165.201.1
>           |----------------PIX---------------------------------------RTR-----Int. Cloud
> PC2-------|
>
> I am missing something for sure, so would you please let me
> know what I am missing. Thanks, Mike
>
> pixfirewall# wr t
> Building configuration...
> : Saved
> :
> PIX Version 5.1(4)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 pix/intf2 security10
> nameif ethernet3 pix/intf3 security15
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname pixfirewall
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> access-list 100 permit icmp any any echo
> pager lines 24
> logging on
> no logging timestamp
> no logging standby
> no logging console
> no logging monitor
> logging buffered debugging
> no logging trap
> no logging history
> logging facility 20
> logging queue 512
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto shutdown
> interface ethernet3 auto shutdown
> mtu outside 1500
> mtu inside 1500
> mtu pix/intf2 1500
> mtu pix/intf3 1500
> ip address outside 209.165.201.3 255.255.255.224
> ip address inside 172.31.2.100 255.255.255.0
> ip address pix/intf2 127.0.0.1 255.255.255.255
> ip address pix/intf3 127.0.0.1 255.255.255.255
> no failover
> failover timeout 0:00:00
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address pix/intf2 0.0.0.0
> failover ip address pix/intf3 0.0.0.0
> arp timeout 14400
> nat (inside) 0 172.31.2.0 255.255.255.0 0 0
> static (inside,outside) 209.165.201.3 172.31.2.100 netmask 255.255.255.255 0 0
> access-group 100 in interface outside
> rip inside default version 1
> route outside 0.0.0.0 0.0.0.0 209.165.201.1 1
> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> isakmp identity hostname
> telnet timeout 5
> terminal width 80
> Cryptochecksum:2012a7889adc85895d9db997c1ca0878
> : end
> [OK]
> pixfirewall#
>
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4871&t=4859
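
Added example, not part of the original thread and not Cisco tooling: a short Python check that parses the `nameif`, `access-list` and `access-group` lines of a PIX-style configuration like the one quoted above and reports, per interface, whether the bound ACL permits a given ICMP type inbound. The sample lines are copied from the quoted config; the function names are illustrative, and address fields are assumed to match.

```python
import re

# Constructed sample: the relevant lines of the quoted config, quote markers included.
SAMPLE = """\
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> access-list 100 permit icmp any any echo
> access-group 100 in interface outside
"""

def _skip_addr(tok):
    # One address spec is 'any', 'host A' or 'A MASK'.
    return tok[1:] if tok[:1] == ["any"] else tok[2:]

def parse(text):
    """Return (interfaces, acls, bindings) parsed from PIX-style config text."""
    ifaces, acls, bound = {}, {}, {}
    for raw in text.splitlines():
        tok = re.sub(r"^[>\s]+", "", raw).split()   # tolerate e-mail quote markers
        if len(tok) == 4 and tok[0] == "nameif":
            ifaces[tok[2]] = int(tok[3].replace("security", ""))
        elif len(tok) >= 5 and tok[0] == "access-list" and tok[3] in ("icmp", "ip"):
            rest = _skip_addr(_skip_addr(tok[4:]))  # drop source and destination
            icmp_type = rest[0] if rest and tok[3] == "icmp" else "any"
            acls.setdefault(tok[1], []).append((tok[2], icmp_type))
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]
    return ifaces, acls, bound

def inbound_icmp(text, icmp_type):
    """Per interface: first-match 'permit'/'deny', or None when no ACL is bound.
    Assumption: address fields are treated as matching."""
    ifaces, acls, bound = parse(text)
    result = {}
    for name in ifaces:
        if name not in bound:
            result[name] = None        # no access-group on this interface
            continue
        result[name] = "deny"          # a bound ACL ends in an implicit deny
        for action, entry_type in acls.get(bound[name], []):
            if entry_type in ("any", icmp_type):
                result[name] = action
                break
    return result

if __name__ == "__main__":
    for t in ("echo", "echo-reply"):
        print(t, inbound_icmp(SAMPLE, t))
```

On the quoted configuration this reports that the ACL on `outside` permits `echo` but not `echo-reply`, and that no ACL is bound to `inside`.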