Hi all,
I'll bow to greater knowledge if I'm wrong, and I may well be, but I didn't
think you could use the outside interface address for the global NAT address
until much more recently than 4.0.7.
If you can spare a couple of IP addresses I would go with:
global (outside) 1 208.136.247.215-208.136.247.216
global (outside) 1 208.136.247.217
Gaz
""Patrick Ramsey"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You can use the same ip address on the outside as yoru global statement...
> But unless you are allowing icmp on the inside and the outside interface,
a
> ping will not go through...
>
> A statement like this would be in order.
>
> access-list inside permit icmp any any
> access-list outside permit icmp any any
> (this is bad juju and not recommended)
>
> remember you also have to have an access group for each interface you want
> to ACL.
>
> So something along these lines would work
>
> access-group inside in interface inside
> access-group outside in interface outside
>
> -Patrick
>
> >>> "cheekin" 08/08/01 09:27AM >>>
> I think you will need to give a different range of IP address for the
global
> statement. The global statement and the outside interface are using the
> same ip address.
>
> I also think that the route inside statement is not necessary in this
case.
> You can use sh route to display the routing table.
>
> PIX gurus, correct me if I am wrong.
>
>
> cheekin
>
> ----- Original Message -----
> From: "Pierre-Alex"
> To:
> Sent: Wednesday, August 08, 2001 11:34
> Subject: Can't ping outside of PIX [7:15205]
>
>
> > I have spent the all day on the problem below and I still can't see what
I
> > did wrong.
> >
> > Can you help?
> >
> > The PC can ping the inside ip address of the firewall
> > The Firewall can ping the default-gateway and anything on the Internet
> > But I cannot get the PC to ping the outside IP address of the firewall
> > (208.136.247.214)
> > or anything outside like (206.26.90.8).
> >
> >
> > |PC|(1)----------(2)|PIX|(3)-----------------(4)--DSL MODEM
> >
> > PC (1): ip address 10.1.1.12
> > subnet mask: 255.255.255.0
> > default gateway: 10.1.1.10
> >
> > PIX (2): ip adddress 10.1.1.10
> > subnet mask: 255.255.255.0
> >
> > PIX (3i ip address 208.136.247.214
> > subnet mask: 255.255.255.0
> >
> > DSL MODEM (4): ip address 208.136.247.1
> > subnet mask: 255.255.255.0
> >
> >
> >
> > PIX Version 4.0.7
> > enable password 8Ry2YjIyt7RRXU24 encrypted
> > passwd kIQggKv8.UiICW/r encrypted
> > hostname pixfirewall
> > failover
> > names
> > syslog output 20.3
> > no syslog console
> > interface ethernet outside 10baset
> > interface ethernet inside 10baset
> > ip address inside 10.1.1.10 255.255.255.0
> > ip address outside 208.136.247.214 255.255.255.0
> > arp timeout 14400
> > global 1 208.136.247.214-208.136.247.214
> > nat 1 0.0.0.0 0.0.0.0
> > age 10
> > no rip outside passive
> > no rip outside default
> > no rip inside passive
> > no rip inside default
> > route outside 0.0.0.0 0.0.0.0 208.136.247.1 1
> > route inside 0.0.0.0 0.0.0.0 10.1.1.12
> > timeout xlate 24:00:00 conn 12:00:00 udp 0:02:00
> > timeout rpc 0:10:00 h323 0:05:00 uauth 0:05:00
> > no snmp-server location
> > no snmp-server contact
> > mtu outside 1500
> > mtu inside 1500
> > : end
> > [OK]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15358&t=15205
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
