Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pinging inside 1

Status
Not open for further replies.
RobG2001

RobG2001

MIS
Oct 5, 2001
89
0
0
US
I have what I think is a weird problem. Just got on board with this company 2 months ago and I'm trying to implement a Websense server. Well, long story short. When I ping the Websense server, I get one reply or don't get any replies even thought it's on the same network as the PIX's inside interface. Pinging the other way, Websense to inside interface is fine. I don't understand but I'm new to PIX. This happens if I ping any PC including my own. Take a look:

sh route
outside 0.0.0.0 0.0.0.0 xxx.xxx.108.1 1 OTHER static
outside xxx.xxx.108.0 255.255.255.0 xxx.xxx.108.3 1 CONNECT static
failover 127.0.0.1 255.255.255.255 127.0.0.1 1 CONNECT static
inside 223.100.1.0 255.255.255.0 223.100.1.33 1 CONNECT static

223.100.1.241 response received -- 0ms
223.100.1.241 NO response received -- 900ms
223.100.1.241 NO response received -- 860ms

I'm sure this is why I'm getting an "url server not responding". And yes I know they should not be using those addresses in the inside

Thanks for any help
 
Sort by date Sort by votes
First of all why are you using public addresses on the inside? Unless they all belong to you they probably will not route properly. Also, I'm not sure I understand were you are pinging from? Is the workstation you are pinging from on the same subnet as the websense server, and both are on the inside of the PIX? Or are you pinging from the PIX? If I see correctly you have a static map on the inside to 223.100.1.33, while your default gateway is the outside port. If the 223.100.1.241 is what you are trying to ping but it has no mapping, the PIX will send it to the default route. Is 223.100.1.33 the PIX inside port? I'm just trying to better understand your problem to help you solve it.
 
Upvote 0 Downvote
First, thanks for trying to help.
I know these aren't the correct RFC addresses to use but as I said, I just got here.

Basically, I'm telneted inside the PIX trying to ping out to 223.100.1.241. My "inside" interface on the PIX has an address of 223.100.1.33/24 so you see the PIX interface and the Websense server is on the same network.

The pix, I believe, has the correct routes. That's what's confusing me. The other thing is, if I get on my Websense server (223.100.1.241), I can ping the PIX "inside" (223.100.1.33) fine. I hope I'm clear...
 
Upvote 0 Downvote
I see, I think you should check the route that the PIX is using. It sounds to me that the PIX doesn't have the correct routes. Are there any other devices on that subnet that you can use to try pinging from? Or is 223.100.1.241 the only device connected to that port of the PIX? Set-up a static map to that IP address, if you simply let the PIX know that that port is on that sub-net it may not route traffic for that sub-net to that port if classless routing is enabled. Basically my advice is to re-check the routing on the PIX.
 
Upvote 0 Downvote
HI!

What OS on the WEBSENSE server?
If NT/2000, post here the IPCONFIG and ROUTE PRINT output.
Posting your PIX - SHOW CONFIG can also help.
How many NICs on server? How many IP addresses?
Is your PIX configured with FAILOVER? Is there another PIX?
What happens when pinging from your workstation to the PIX?
To the server?
PIX to workstation?
server to workstation?

I suggest some ideas to check out:

1) A routing problem on the WEBSENSE server.
2) Check if some router broadcasts wrong RIP information.
3) Maybe something with ARP?
4) Layer 1&2 - Network cables, and devices and configuration (duplex,speed,etc) !!!

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Clarification:

"Every" computer I pinged from inside the PIX to my internal network didn't respond....Until I brought out my Linux box. When I pinged Linux it went ok. So I pinged a router from inside the Pix, also good. Figured it was a routing issue from this and Yizhar's tips. So then I basically put in a static route in Win2k server (websense) to go to a router and bam it worked.

Thanks to all who help, Murphyb and Yizhar. I'm assuming now that I can ping, the url-server should be easy to configure.

Now if you can only help me with my Cisco 6009 issue...heh.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
54
kythri
kythri
quazimotto
  • Locked
  • Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
29
quazimotto
quazimotto
xylax
  • Locked
  • Question
Redirecting HTTP traffic from INSIDE to OUTSIDE using ASA NATs
Replies
0
Views
32
xylax
xylax
bobbyforhire
  • Locked
  • Question
VPNGROUP unable to access inside devices over vpn
Replies
0
Views
20
bobbyforhire
bobbyforhire
lgpl3
  • Locked
  • Question
ASA 5505/5520 routing from outside to inside
Replies
1
Views
35
HungryHouse
HungryHouse

Part and Inventory Search

Sponsor

Back
Top