PIng a PIX interface

[danfranklin]

I am setting up a PIX firwall for NMM but it requires a ICMP responce from the inside interface

As of PIX ver 5.2.1 ICMP is not permitted on an interface.

How can I configure the PIX to allow me to ping the inside interface? The PIX is running VER 6.2.
I have enabled ICMP any any which allows me to ping through the interface but not the actual interface.

Dan

 

[netwrkr]

As of PIX ver 5.2.1 ICMP is not permitted on an interface.


I have honestly never heard of that. Paste your configuration. Do a 'sh run' and look for any icmp statements. By default the PIX inside interface will allow pings to it but not through it -- unless you are somehow blocking icmp packets.

Tom

 

[danfranklin]

What I was trying to do was ping the inside interface from a different subnet. I can ping the inside interface on the same subnet but not from

My problem is that I can ping the inside interface on the PIX when I am on the same subnet as the inside interface but what I need to do is ping the inside interface from a different subnet.

I this possible without configuring NAT on a router to make the source packet appear as though it is on the same subnet?


Dan

 

[mheianna]

Dan, I think that the problem is in the routing table of the pix. Do a "show route" in your pix, and find the route that belongs to the "other subnet" in the inside address. If you doesn't have it add the route with :
route inside 192.168.1.0 255.255.255 10.0.0.1

all the traffic that have a destination address 192.168.1.x will be forwarded to 10.0.0.1

Regards

 

[yizhar]

HI.

The pix will not allow access to its own interface from the "wrong" direction. So if you are trying to ping it from a different interface like DMZ or outside, it won't work by design.

Please provide more details if you still need help.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar