I am talking about pinging the outside interface from another host on the 
outside as well.


>From: "Alberto Martin Sinopoli" 
>Reply-To: "Alberto Martin Sinopoli" 
>To: [EMAIL PROTECTED]
>Subject: Re: How can this be possible?  Pinging the outside [7:26678]
>Date: Mon, 19 Nov 2001 10:25:46 -0500
>
>From inside to outside it's OK.
>
>
>
>------------------------------------
>Alberto Martín Sinopoli
>Microsoft MCP+I,  MCSE
>Cisco CCNA,  CCNP
>Buenos Aires - Argentina
>------------------------------------
>"Anh Lam" wrote in message
>news:[EMAIL PROTECTED]...
> > Hi Everyone,
> >
> > I am always under the impression that one can NOT ping the outside interface
> > of a Cisco PIX firewall unless the command is used:
> >
> > conduit permit icmp any any
> > conduit permit ip any any
> >
> > Well, I have a Cisco pix Firewall 515-UR model (96MB RAM/16MB Flash).
> > This PIX firewall is running code version 6.0(1) with pdm version 1.11.
> > Guess what, I can ping the outside interface just fine without the two
> > commands mentioned above.
> >
> > Am I missing something?  Below is the config:
> >
> >
> >
> > pixfirewall# wr t
> > Building configuration...
> > : Saved
> > :
> > PIX Version 6.0(1)
> > nameif ethernet0 outside security0
> > nameif ethernet1 inside security100
> > nameif ethernet2 intf2 security10
> > enable password 8Ry2YjIyt7RRXU24 encrypted
> > passwd 2KFQnbNIdI.2KYOU encrypted
> > hostname pixfirewall
> > fixup protocol ftp 21
> > fixup protocol http 80
> > fixup protocol h323 1720
> > fixup protocol rsh 514
> > fixup protocol smtp 25
> > fixup protocol sqlnet 1521
> > fixup protocol sip 5060
> > fixup protocol skinny 2000
> > names
> > pager lines 24
> > interface ethernet0 auto
> > interface ethernet1 auto
> > interface ethernet2 auto shutdown
> > mtu outside 1500
> > mtu inside 1500
> > mtu intf2 1500
> > ip address outside 172.16.1.73 255.255.255.0
> > ip address inside 192.168.1.73 255.255.255.0
> > ip address intf2 127.0.0.1 255.255.255.255
> > ip audit info action alarm
> > ip audit attack action alarm
> > no failover
> > failover timeout 0:00:00
> > failover poll 15
> > failover ip address outside 0.0.0.0
> > failover ip address inside 0.0.0.0
> > failover ip address intf2 0.0.0.0
> > pdm history enable
> > arp timeout 14400
> > static (inside,outside) 172.16.1.71 192.168.1.71 netmask 255.255.255.255 0 0
> > route outside 0.0.0.0 0.0.0.0 172.16.1.254 1
> > timeout xlate 3:00:00
> > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
> > 0:05:00 sip 0:30:00 sip_media 0:02:00
> > timeout uauth 0:05:00 absolute
> > aaa-server TACACS+ protocol tacacs+
> > aaa-server RADIUS protocol radius
> > no snmp-server location
> > no snmp-server contact
> > snmp-server community public
> > no snmp-server enable traps
> > floodguard enable
> > no sysopt route dnat
> > telnet timeout 5
> > ssh timeout 5
> > terminal width 80
> > : end
> >
> > pixfirewall(config)# sh ver
> >
> > Cisco Secure PIX Firewall Version 6.0(1)
> > PIX Device Manager Version 1.1(1)
> >
> > Compiled on Thu 17-May-01 20:05 by morlee
> >
> > pixfirewall up 12 hours 18 mins
> >
> > Hardware:   PIX-515, 96 MB RAM, CPU Pentium 200 MHz
> > Flash i28F640J5 @ 0x300, 16MB
> > BIOS Flash AT29C257 @ 0xfffd8000, 32KB
> >
> > 0: ethernet0: address is 0050.54ff.7a24, irq 10
> > 1: ethernet1: address is 0050.54ff.7a25, irq 7
> > 2: ethernet2: address is 00aa.00bc.ba87, irq 11
> >
> > Licensed Features:
> > Failover:       Enabled
> > VPN-DES:        Enabled
> > VPN-3DES:       Disabled
> > Maximum Interfaces:     6
> > Cut-through Proxy:      Enabled
> > Guards:         Enabled
> > Websense:       Enabled
> > Throughput:     Unlimited
> > ISAKMP peers:   Unlimited
> >
> > [alam@linux-ccie]$ ping 172.16.1.73
> > PING 172.16.1.73 (172.16.1.73) from 172.16.1.253 : 56(84) bytes of data.
> > Warning: time of day goes back, taking countermeasures.
> > 64 bytes from 172.16.1.73: icmp_seq=0 ttl=255 time=962 usec
> > 64 bytes from 172.16.1.73: icmp_seq=1 ttl=255 time=297 usec
> > 64 bytes from 172.16.1.73: icmp_seq=2 ttl=255 time=288 usec
> >
> > --- 172.16.1.73 ping statistics ---
> > 3 packets transmitted, 3 packets received, 0% packet loss
> > round-trip min/avg/max/mdev = 0.288/0.515/0.962/0.316 ms
> > [alam@linux-ccie]$
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26724&t=26678