From inside to outside it's OK.

------------------------------------
Alberto Martín Sinopoli
Microsoft MCP+I, MCSE
Cisco CCNA, CCNP
Buenos Aires - Argentina
------------------------------------

"Anh Lam" wrote in message news:[EMAIL PROTECTED]...
> Hi Everyone,
>
> I am always under the impression that one can NOT ping the outside interface
> of a Cisco PIX firewall unless the command is used:
>
> conduit permit icmp any any
> conduit permit ip any any
>
> Well, I have a Cisco PIX Firewall 515-UR model (96MB RAM/16MB Flash).
> This PIX firewall is running code version 6.0(1) with pdm version 1.11.
> Guess what, I can ping the outside interface just fine without the two
> commands mentioned above.
>
> Am I missing something? Below is the config:
>
> pixfirewall# wr t
> Building configuration...
> : Saved
> :
> PIX Version 6.0(1)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 intf2 security10
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname pixfirewall
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> pager lines 24
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto shutdown
> mtu outside 1500
> mtu inside 1500
> mtu intf2 1500
> ip address outside 172.16.1.73 255.255.255.0
> ip address inside 192.168.1.73 255.255.255.0
> ip address intf2 127.0.0.1 255.255.255.255
> ip audit info action alarm
> ip audit attack action alarm
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address intf2 0.0.0.0
> pdm history enable
> arp timeout 14400
> static (inside,outside) 172.16.1.71 192.168.1.71 netmask 255.255.255.255 0 0
> route outside 0.0.0.0 0.0.0.0 172.16.1.254 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> no sysopt route dnat
> telnet timeout 5
> ssh timeout 5
> terminal width 80
> : end
>
> pixfirewall(config)# sh ver
>
> Cisco Secure PIX Firewall Version 6.0(1)
> PIX Device Manager Version 1.1(1)
>
> Compiled on Thu 17-May-01 20:05 by morlee
>
> pixfirewall up 12 hours 18 mins
>
> Hardware: PIX-515, 96 MB RAM, CPU Pentium 200 MHz
> Flash i28F640J5 @ 0x300, 16MB
> BIOS Flash AT29C257 @ 0xfffd8000, 32KB
>
> 0: ethernet0: address is 0050.54ff.7a24, irq 10
> 1: ethernet1: address is 0050.54ff.7a25, irq 7
> 2: ethernet2: address is 00aa.00bc.ba87, irq 11
>
> Licensed Features:
> Failover: Enabled
> VPN-DES: Enabled
> VPN-3DES: Disabled
> Maximum Interfaces: 6
> Cut-through Proxy: Enabled
> Guards: Enabled
> Websense: Enabled
> Throughput: Unlimited
> ISAKMP peers: Unlimited
>
> [alam@linux-ccie]$ ping 172.16.1.73
> PING 172.16.1.73 (172.16.1.73) from 172.16.1.253 : 56(84) bytes of data.
> Warning: time of day goes back, taking countermeasures.
> 64 bytes from 172.16.1.73: icmp_seq=0 ttl=255 time=962 usec
> 64 bytes from 172.16.1.73: icmp_seq=1 ttl=255 time=297 usec
> 64 bytes from 172.16.1.73: icmp_seq=2 ttl=255 time=288 usec
>
> --- 172.16.1.73 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max/mdev = 0.288/0.515/0.962/0.316 ms
> [alam@linux-ccie]$

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26678&t=26678

