
ICMP problem Last try!!


Guest_imported
OK, I've tried so much now. I'm running 5.2 on a 515 PIX. Here is my current config. I can ping the host at 200.1.1.5 through the firewall from the router, but I can't ping from the host through the firewall to the router (inside to outside). Can anyone help?
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address inside 10.1.1.1 255.255.255.0
ip address outside 200.1.1.1 255.255.255.0
interface ethernet0 auto
interface ethernet1 auto
route outside 0 0 200.1.1.2 1
conduit permit icmp any any
static (inside,outside) 200.1.1.5 10.1.1.5 netmask 255.255.255.255 0 0
global (outside) 1 interface
nat (inside) 1 10.1.1.5 255.255.255.255 0 0
 
You won't be able to ping from outside to inside with the configuration given above. This will allow trusted users on the inside to generate outgoing pings and allows the reply packets back in.
You'll need to create an access list to allow those packets in and apply the list to the outside interface.

Note that this opens up a serious hole in your firewall and should only be used to troubleshoot connectivity issues.

Try this,

access-list icmp permit icmp any any
access-group icmp in interface outside

You can only apply one access-list per interface, so if you have one already to permit SMTP access then add the access-list statement to that list.

When you have finished, remove the list; otherwise you're leaving yourself open to attack.

Looking at your NAT statement, why are you using it in the form given? I usually use nat (inside) 1 0 0, which allows any internal user out.

Also, from the outside host you'll need to ping 200.1.1.5, as that is the outside address that maps to 10.1.1.5, but you may already know that.
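The reply above recommends an "icmp any any" access list for troubleshooting and warns that it is a hole. As an added example (not from the original poster or the reply), here is the narrower list a practitioner would normally leave in place on a PIX 5.x/6.x instead: it admits only the ICMP types an inside-originated ping or traceroute needs to see coming back, and no inbound echo (type 8), so nothing on the outside can ping 200.1.1.5. The interface names, addresses and the static are taken from the posted config; the list name acl_out is an assumption. Lines beginning with ":" are comments, in the form the PIX itself uses in a saved configuration.

```text
: Added example: replacement for "conduit permit icmp any any" and for the
: troubleshooting list "access-list icmp permit icmp any any".
: Remove the open conduit so the access list is the only inbound ICMP policy
: (keeping both conduits and access-lists makes the effective policy hard to read).
no conduit permit icmp any any

: Inbound on outside, towards the translated address of the static for 10.1.1.5.
: On a PIX of this generation the outside ACL matches the global (NAT'd) address.
: echo-reply    - answers to pings sent from 10.1.1.5
: unreachable   - destination unreachable / fragmentation needed (path MTU)
: time-exceeded - TTL expiry, needed for traceroute from the inside
access-list acl_out permit icmp any host 200.1.1.5 echo-reply
access-list acl_out permit icmp any host 200.1.1.5 unreachable
access-list acl_out permit icmp any host 200.1.1.5 time-exceeded
: No "echo" line, so the implicit deny at the end of the list drops inbound
: ping requests; everything else inbound is dropped by the same implicit deny.
access-group acl_out in interface outside

: For contrast, the troubleshooting version from the reply above. It also
: admits inbound echo requests to every static, so put it in only while
: chasing the problem and take it out again afterwards:
: access-list icmp permit icmp any any
: access-group icmp in interface outside
```

Because only one access-group can be bound to an interface, merge these entries into whatever list already exists on outside (for example the one permitting SMTP to a mail static) rather than creating a second one. Note that this version does not make the outside-to-inside ping mentioned in the reply work; that requires an explicit "echo" line and is exactly the exposure the narrower list is meant to avoid.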
 
Thanks for your help. It all makes too much sense now. I run a network from the very bottom to the very top, so I am always having to do ten things at once.
 