RE: PIX problem [7:40919]

Tue, 09 Apr 2002 08:37:48 -0700 

If you are pinging an INSIDE interface from a device on the OUTSIDE, or in
other words, if you are pinging from a lower security interface to a higher
security interface, you must create a conduit that allows a ping request.

If you are pinging an OUTSIDE interface from a device on the INSIDE, or in
other words, if you are pinging from a higher security interface to a lower
security interface, you must create a conduit that allows a ping reply.

If you want both, you must allow all ping.

This allows a ping request:

        conduit permit icmp any any 8

This allows a ping reply:

        conduit permit icmp any any 0

This allows any ping:

        conduit permit icmp any any

If this still doesn't work, try to send me the config and a description
where you're pinging from and to.

Hth,

Ole

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 http://www.RouterChief.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Need a Job?
 http://www.OleDrews.com/job
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




-----Original Message-----
From: dk [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 09, 2002 9:16 AM
To: Ole Drews Jensen
Cc: [EMAIL PROTECTED]
Subject: Re: PIX problem [7:40919]


Thanks for the suggestion but no joy ..
I applied the conduit you specified, tried pinging the interface but still
got the timeout,  it made no difference and the conduit has a hit count of 0
!



----- Original Message -----
From: "Ole Drews Jensen" 
To: "'dk'" ; 
Sent: Tuesday, April 09, 2002 3:27 PM
Subject: RE: PIX problem [7:40919]


> Have you allowed ping replies to return back to you?
>
> conduit permit icmp any any 0
>
> Hth,
>
> Ole
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Ole Drews Jensen
>  Systems Network Manager
>  CCNP, MCSE, MCP+I
>  RWR Enterprises, Inc.
>  [EMAIL PROTECTED]
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  http://www.RouterChief.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Need a Job?
>  http://www.OleDrews.com/job
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
> -----Original Message-----
> From: dk [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 09, 2002 8:00 AM
> To: [EMAIL PROTECTED]
> Subject: PIX problem [7:40919]
>
>
> Hi all
>
> I'm sure there's a simple answer to this but I can't  see what it is ...
>
> I'm trying to ping the all the Ethernet interfaces on my PIX (5.2) in
order
> to
> manage them from HP openview.
>
> I get a response from the interface I'm connected to but not from the rest
>
> I've used the debug icmp trace command  and can see the echo requests but
> there are no replies and nothing gets logged.  I can ping all the
interfaces
> when from the telnet console and I can ping devices across the PIX ....
any
> ideas ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40936&t=40919
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to