Gary,

Let me be a bit anal here and clarify the situation.

"on a subnet local to the firewall"  - on the inside subnet, I assume? (To
be picky,
both the inside and outside subnets are local.)

To be completely clear about this, you are saying that you can ping from a
router/host
outside the PIX (on the Internet or the outside subnet) to a server on the
inside
subnet, correct?

"need to get it working with a router between the server and firewall"

Where is the router mentioned in this statement? Outside subnet? Inside
subnet? If you
have the situation below

Internet--outside intfc-PIX-inside intfc--router X--subnet X

you will need a PIX static route to subnet X, but I believe you said you
took care of
that, right?

If you can ping the inside subnet interface of router X from the outside,
but you cannot
ping hosts on subnet X then this could be an access list problem on router X
or a
routing table problem with router X or maybe even hosts on subnet X don't
have a default
gateway configured.

Hope this helps,

Jonathan

Gary Crouch wrote:

> the conduit permit icmp any any is applied
> I have several servers with conduits applied on a subnet local to the
> firewall
> and can ping and access them with no problems from the outside.
> just need to get it working with a router between the server and firewall.
>
> >>> [EMAIL PROTECTED] 06/11/01 12:27PM >>>
> Gary,
>
> To ping through the PIX firewall make sure you have the "conduit permit
icmp
> any any"
> applied (or if you have a newer PIX OS you can use the "access-list"
> command).
>
> See
>
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/conf
> ig.htm
>
> -Jonathan
>
> Gary Crouch wrote:
>
> > we have servers hosted at a ISP and have a back port connection
> > and would like to give a client access thur our back port using one of
our
> > external IP address I have configure a static address translation for the
> > external ip address
> > and added a route for the internal address I can pig the internal address
> > from the PIX
> > but can not ping the server with the external address from outside.
> > does the static and conduit commands work when there is a router between
> the
> > server?
> > is there a way to make this work?
> >
> > Thanks for your help
> the conduit permit icmp any any is applied I have several servers with
> conduits applied on a subnet local to the firewall and can ping and
> access them with no problems from the outside.just need to get it working
> with a router between the server and firewall.
>
> >>> [EMAIL PROTECTED] 06/11/01 12:27PM >>>
> Gary,
>
> To ping through the PIX firewall make sure you have the "conduit permit
> icmp any any"
> applied (or if you have a newer PIX OS you can use the "access-list"
> command).
>
> See
>
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/config.htm
>
> -Jonathan
>
> Gary Crouch wrote:
>
> > we have servers hosted at a ISP and have a back port connection
> > and would like to give a client access thur our back port using one of
> our
> > external IP address I have configure a static address translation for
> the
> > external ip address
> > and added a route for the internal address I can pig the internal
> address
> > from the PIX
> > but can not ping the server with the external address from outside.
> > does the static and conduit commands work when there is a router
> between the
> > server?
> > is there a way to make this work?
> >
> > Thanks for your help
--
Jonathan Hays
Director of Professional Services
Acropolis Systems, Inc.
(408) 935-3016




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8054&t=8031
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to