ping inside firewall 1

jdl508

Technical User
Apr 30, 2001
242
US
Hello, I have a quick question. If I have a private IP address on my inside int of PIX 515 and public external IP
e0 = 65.x.x.x, e1 = 10.1.1.1
how can I ping from outside to inside? I have allowed accesslist permit icmp any any and this is fine for a public IP but not a private. Thanks for any help.
jdl
 
Let me ask this then...
If you have a FW protecting your LAN but have other remote sites that use resources on your LAN, how do you allow them in? I don't think you can with just an access-list saying allow remote-site B any any access to LAN.
Hmmm. I'm in a pickle here. I have my network behind a FW but need to allow other sites in??? Should I not allow a FW in between my remote sites?
Thanks for any help
jdl
 
...if you have a static, 1-to-1 mapping, linking a private IP to a public IP, you should be able to ping the public IP from the outside. You also set up your access-list to permit various protocols to pass to the public IP. The PIX will then translate the public IP over to the private and pass the traffic along.

-gbiello
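
The static mapping and access-list described in the reply above, as an added PIX 6.x configuration sketch that is not part of the original thread. Every address (203.0.113.10, 10.1.1.50, 198.51.100.0/24) and the ACL name `acl_out` are constructed placeholders, and the interface names assume the default `inside`/`outside` naming.

```cisco
! Constructed example: all addresses and the ACL name are placeholders.
!   203.0.113.10     public address mapped to the inside host
!   10.1.1.50        inside host behind e1 (10.1.1.1)
!   198.51.100.0/24  remote site that is allowed to ping

! 1-to-1 static translation: outside 203.0.113.10 <-> inside 10.1.1.50
static (inside,outside) 203.0.113.10 10.1.1.50 netmask 255.255.255.255

! Broad rule of the kind quoted in the question (any ICMP type, any source):
! access-list acl_out permit icmp any any

! Narrower rule: echo requests only, from the remote site, to the mapped
! (public) address. PIX ACLs take a subnet mask, not a wildcard mask.
access-list acl_out permit icmp 198.51.100.0 255.255.255.0 host 203.0.113.10 echo

! Apply the ACL to traffic arriving on the outside interface
access-group acl_out in interface outside
```

The ACL names the public address because, as the reply says, the PIX permits traffic to the public IP and then translates it to the private one.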
 
I understand what you're saying and I could do that, but I have a few probs.
1. I have a protocol talking between FWs that needs a private IP (DCOM). It will not work with a NAT or static address.
2. I have other WAN sites that need access to my network, which is behind the firewall, and it seems silly to allow all kinds of ports open. This would defeat the purpose of the FW, right?
I am now thinking of having the FWs hang off of a switch instead of the router; that way routing will be easier between FWs. I can then do a PIX-to-PIX VPN and allow private IP addresses to be used.
Thanks for all your help.
 
Yep, a PIX-PIX VPN seems to be the way to go; unless you want to put a 2621 router between the PIX and the network and start using frame-relay.
-gbiello
 