Just for grins, try removing the ip verify reverse-path statement. From CCO "Before using this command, add static route command statements for every network that can be accessed on the interfaces you wish to protect. Only enable this command if routing is fully specified. Otherwise, PIX Firewall will stop traffic on the interface you specify if routing is not in place."
Hope this helps, Craig At 05:14 PM 5/22/2002 -0400, you wrote: >Oh yeah I'm running PIX 6.1(2) > >-----Original Message----- >From: Jablonski, Michael >Sent: Wednesday, May 22, 2002 3:35 PM >To: 'Cisco Study List (E-mail)' >Subject: PIX 515E routing issue > > >Just recently installed a PIX 515E. I can ping from the PIX to an outside >address (and inside box to ethernet on PIX); but trying to ping through the >PIX comes back as unreachable. Basic layout as follows: > >Netopia DSL Router -- PIX 515E -- LAN > > >I'm using the default allow rule, along with the following access list... >everything else is pretty much default for now. (just want to try and get >connectivity) > >access-list 100 permit icmp any any echo-reply >access-list 100 permit icmp any any time-exceeded >access-list 100 permit icmp any any unreachable >pager lines 24 >interface ethernet0 10baset >interface ethernet1 10full >mtu outside 1500 >mtu inside 1500 >ip address outside 192.168.1.6 255.255.255.252 >ip address inside 192.168.200.1 255.255.255.0 >ip verify reverse-path interface outside >ip audit info action alarm >ip audit attack action alarm >arp timeout 14400 >global (outside) 1 interface >nat (inside) 1 0.0.0.0 0.0.0.0 0 0 >access-group 100 in interface outside >route outside 0.0.0.0 0.0.0.0 192.168.1.5 1 >timeout xlate 0:05:00 >no sysopt route dnat > >I've tried running RIP on it; didn't solve the problem. Seems like the PIX >doesn't understand the default route. I've cleared the arp table still no >luck.... >Any help is GREATLY appreciated.... >thanx > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Michael Jablonski >ABN AMRO Asset Management Holdings, Inc. >161 North Clark St. >9th Flr >Chicago, IL 60601-2468 >PH: 312.884.2996 >FAX: 312.278.5550 >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > >------------------------------------------------------------------------ >This message (including any attachments) is confidential and may be >privileged. If you have received it by mistake please notify the sender >by return e-mail and delete this message from your system. Any >unauthorized use or dissemination of this message in whole or in part >is strictly prohibited. Please note that e-mails are susceptible to >change. ABN AMRO Bank N.V. (including its group companies) shall not be >responsible nor liable for the proper and complete transmission of the >information contained in this communication nor for any delay in its >receipt or damage to your system. ABN AMRO Bank N.V. (or its group >companies) does not guarantee that the integrity of this communication >has been maintained nor that this communication is free of viruses, >interceptions or interference. >------------------------------------------------------------------------ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44816&t=44749 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
