If you are using IOS 5.23 or higher on the Pix, you can't use conduits
anymore. Access-Lists are the only supported way to permit inbound traffic.
(Really sucks when you upgrade a Pix running 5.12, with several hundred
conduits!!)

The Conduit Permit ICMP any any command still works, but that's it. To
further confuse things, the firewall lets you add the conduit statement, but
ignores it.

>>> "Allen May"  06/11/01 03:50PM >>>
If ICMP is disabled you won't be able to ping it.  Conduit statements must
open the correct protocol & ports to connect as well.  The router could
possibly be blocking ICMP or ports also.  Can the inside machine ping the
inside interface of the PIX?


----- Original Message -----
From: "Gary Crouch" 
To: 
Sent: Monday, June 11, 2001 2:06 PM
Subject: PIX static address translation question [7:8031]


> we have servers hosted at a ISP and have a back port connection
> and would like to give a client access thur our back port using one of our
> external IP address I have configure a static address translation for the
> external ip address
> and added a route for the internal address I can pig the internal address
> from the PIX
> but can not ping the server with the external address from outside.
> does the static and conduit commands work when there is a router between
the
> server?
> is there a way to make this work?
>
> Thanks for your help




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=8086&t=8031
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to