The problem is that a PING needs access back with a PING REPLY, and the PIX
does not allow that by default.

Use the command:

    conduit permit icmp any any 0

to allow PING REPLY (ICMP type 0) from the outside to the inside.

If you want to use tracert also, you must add the command:

    conduit permit icmp any any 11

ICMP type 11 is Time Exceeded.

If you want to allow people from the outside to ping on the inside, you can
either add this command:

    conduit permit icmp any any 8

ICMP type 8 is PING REQUEST.

Or, instead of the above three commands, you can use one command to allow
ALL ICMP traffic to enter:

    conduit permit icmp any any

Hth,
Ole
~
Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~
http://www.RouterChief.com
~
Need a Job?
http://www.OleDrews.com/job
~
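
An added example, not part of the original message: a small Python check that reads PIX configuration text and reports which inbound ICMP types the conduit statements admit. It parses only the "conduit permit icmp any any [type]" form quoted above with numeric types; the function name and the sample configurations are constructed for illustration.

```python
import re

# ICMP type numbers as named in the message above.
ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

# Assumption: only the form quoted in the thread is parsed,
# "conduit permit icmp any any [numeric-type]".
CONDUIT_RE = re.compile(
    r"^\s*conduit\s+permit\s+icmp\s+any\s+any(?:\s+(\d+))?\s*$", re.IGNORECASE)


def audit_icmp_conduits(config_text):
    """Return (allowed_types, findings); allowed_types is None if all ICMP is admitted."""
    allowed, allow_all, findings = set(), False, []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = CONDUIT_RE.match(line)
        if not match:
            continue
        if match.group(1) is None:
            # No type given: the statement covers every ICMP type.
            allow_all = True
            findings.append(f"line {lineno}: every ICMP type is admitted from outside")
            continue
        icmp_type = int(match.group(1))
        allowed.add(icmp_type)
        if icmp_type == ECHO_REQUEST:
            findings.append(f"line {lineno}: outside hosts can ping inside hosts")
    if not allow_all:
        # Return traffic that ping and tracert from the inside depend on.
        if ECHO_REPLY not in allowed:
            findings.append("type 0 not permitted: pings from inside get no reply")
        if TIME_EXCEEDED not in allowed:
            findings.append("type 11 not permitted: tracert from inside will not work")
    return (None if allow_all else allowed), findings


# Constructed sample configurations (not taken from a real device).
SAMPLE_REPLIES_ONLY = """\
ip address outside dhcp setroute
conduit permit icmp any any 0
conduit permit icmp any any 11
"""
SAMPLE_ALLOW_ALL = "conduit permit icmp any any\n"

if __name__ == "__main__":
    for name, cfg in (("replies only", SAMPLE_REPLIES_ONLY),
                      ("allow all", SAMPLE_ALLOW_ALL)):
        types, notes = audit_icmp_conduits(cfg)
        print(name, "->", "all" if types is None else sorted(types), notes)
```
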
-Original Message-
From: John Green [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 9:24 AM
To: Ole Drews Jensen
Subject: RE: PIX 501 (quick help needed) [7:38645]
From a host inside I am able to connect to the PIX and get the PDM fine. Hence
the internal interface looks OK. But I am not able to go outside.
I have reset the configuration, and hence I guess the default config makes the
outside interface act as a DHCP client and get an IP address from the service
provider.
But I am not able to even ping to the Internet outside from inside hosts. The
Cisco docs clearly say that for the default config, inside connections to
outside are allowed. So what is the problem?
--- Ole Drews Jensen wrote:
Yes.
Use the command

    ip address outside dhcp setroute

This will tell the outside interface to act like a DHCP client and configure
the default route to be the address it gets from the DHCP server.
If you're using the setroute option, remember not to use the route command
to set the default route.
Hth,
Ole
-Original Message-
From: John Green [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 18, 2002 8:30 AM
To: [EMAIL PROTECTED]
Subject: PIX 501 (quick help needed) [7:38645]
This is from the specs for the PIX 501:
integrated 4-port 10/100BASE-TX switch and 10BASE-T port
The question is about the external interface. Is its external interface
10BaseT? If yes, then can it connect to the cable modem and get an IP address
from the DHCP?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39163t=38645