Hi,
It seems to me that you have missed the access-group command.
For example, use the following command statement to ping from the inside
interface to the outside interface:
access-group acl_ping in interface outside
Once you define an access list, you have to specify the access-group command
for each interface through which you want the ICMP packets to pass. Hope this
helps.

fahim
ccna. ccda, css1

"Gibb, Jake" wrote in message news:[EMAIL PROTECTED]...
> Isn't there an implicit deny at the end of your access list?
>
> access-list acl_ping permit icmp any any
>
> Should you add the following to permit http traffic at least. You will
> probably need dns resolution as well.
>
> access-list acl_ping permit tcp any any eq 80
>
> -----Original Message-----
> From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 10, 2001 2:23 PM
> To: [EMAIL PROTECTED]
> Subject: PIXL: no client connectivity [7:28685]
>
>
> From a client (inside) I can ping the inside interface of the PIX.
>
> From a client (outside) I can ping the outside interface of the PIX.
>
> However no (inside) client manages to ping or do any sort of traffic
> with hosts outside the PIX.
>
> I have the feeling that I have a Global or PAT issue.
>
> Do you spot where my problem is?
>
> Thank you!!!
>
> BTECHPIX# sh config
> : Saved
> :
> PIX Version 5.1(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password  encrypted
> passwd  encrypted
> hostname BTECHPIX
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> names
> access-list acl_ping permit icmp any any
> pager lines 24
> logging on
> no logging timestamp
> no logging standby
> no logging console
> no logging monitor
> no logging buffered
> no logging trap
> no logging history
> logging facility 20
> logging queue 512
> interface ethernet0 auto
> interface ethernet1 auto
> mtu outside 1500
> mtu inside 1500
> ip address outside 209.152.115.123 255.255.255.0
> ip address inside 192.168.3.1 255.255.255.0
> no failover
> failover timeout 0:00:00
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> arp timeout 14400
> global (outside) 1 209.152.115.125
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> route outside 0.0.0.0 0.0.0.0 209.152.115.1 1
> timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
> timeout rpc 0:10:00 h323 0:05:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> isakmp identity hostname
> .........




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=28811&t=28685
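
The check described in the reply above (an access-list has no effect until an access-group command binds it to an interface) can be run over a saved configuration. This is an added example, not part of the original thread; the function name, the finding strings and the sample excerpts (constructed from the configuration quoted above) are assumptions.

```python
import re

# Constructed sample: excerpt of the configuration quoted in the thread.
SAMPLE_POSTED = """\
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> access-list acl_ping permit icmp any any
> global (outside) 1 209.152.115.125
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""
# Constructed sample: same excerpt plus the binding suggested in the reply.
SAMPLE_FIXED = SAMPLE_POSTED + "> access-group acl_ping in interface outside\n"

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
NAMEIF_RE = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security\d+")


def audit_acl_bindings(config_text):
    """Return a list of findings about access-list / access-group pairing."""
    defined, bound, interfaces = set(), {}, set()
    for raw in config_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted config lines
        if m := ACL_RE.match(line):
            defined.add(m.group(1))
        elif m := GROUP_RE.match(line):
            bound.setdefault(m.group(1), []).append(m.group(2))
        elif m := NAMEIF_RE.match(line):
            interfaces.add(m.group(1))

    findings = []
    # ACLs that exist but are never applied to any interface.
    for acl in sorted(defined - set(bound)):
        findings.append(f"access-list {acl} is defined but not bound by any access-group")
    for acl, ifaces in sorted(bound.items()):
        # Bindings that reference an ACL with no entries.
        if acl not in defined:
            findings.append(f"access-group references undefined access-list {acl}")
        # Bindings to an interface name that no nameif line declares.
        for iface in ifaces:
            if interfaces and iface not in interfaces:
                findings.append(f"access-group {acl} is bound to unknown interface {iface}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE_POSTED), ("with binding", SAMPLE_FIXED)):
        print(label, "->", audit_acl_bindings(cfg) or "no findings")
```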