First on the PIX try clear xlate On the router clear arp * You have an access-list acl_ping but it is not applied. To apply an access-list you need access-group acl_ping in interface outside
but there is an implied deny all at the end of the access-list. If you had the access-list applied then removed it, you will need to do the clear xlate. Everything else looks good. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Pierre-Alex J. Guanel Sent: Monday, December 10, 2001 2:23 PM To: [EMAIL PROTECTED] Subject: PIX no client connectivity [7:28625] >From a client (inside) I can ping the inside interface of the PIX . >From a client (outside) I can ping the outside interface of the PIX. However no (inside) client manages to ping or do any sort of traffic with hosts outside the PIX. Do you spot where my problem is? Thank you!!! BTECHPIX# sh config : Saved : PIX Version 5.1(2) nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password encrypted passwd encrypted hostname BTECHPIX fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol smtp 25 fixup protocol sqlnet 1521 names access-list acl_ping permit icmp any any pager lines 24 logging on no logging timestamp no logging standby no logging console no logging monitor no logging buffered no logging trap no logging history logging facility 20 logging queue 512 interface ethernet0 auto interface ethernet1 auto mtu outside 1500 mtu inside 1500 ip address outside 209.152.115.123 255.255.255.0 ip address inside 192.168.3.1 255.255.255.0 no failover failover timeout 0:00:00 failover ip address outside 0.0.0.0 failover ip address inside 0.0.0.0 arp timeout 14400 global (outside) 1 209.152.115.125 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 209.152.115.1 1 timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00 timeout rpc 0:10:00 h323 0:05:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable isakmp identity hostname ......... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=28749&t=28625 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
