Pinging Pix Interfaces

[adubla]

Pix520 with 3 interfaces. Access lists are set up for each interface with permit icmp any any. From the inside I can ping all of the DMZ servers, but I can not ping the Pix DMZ interface.

I need to be able to ping the DMZ interface and the Outside interface from the Inside interface. How could I set that up?

Thanks,

Alan

 

[Guest_imported]

conduit permit icmp any any echo-reply

 

[adubla]

I appreciate the effort, but that didn't work.

 

[Reaper36]

Have u set up statics in ur config?
Ensure you have unique security values for each int and that the inside is 100 (ie max) then use a static statement inside to ur dmz int

 

[adubla]

I have security numhers assigned to all 3 of the interfaces. I have set up statics and tried that route, but it didn't work either. On that line, the docs seem to indicate that higher security interfaces may access those with lower security without defining additional statics. I'm trying to ping the DMZ and Outside interfaces from the inside. I can ping machines on the DMZ and machines on the Outside, just not the actual Pix DMZ and Outside interfaces themselves.

Thanks,

Alan

 

[8dstaicu]

It will not work. Never.
Pix doesn't route a packet to the interface that came for.
In this case. ICMP echo-request came from inside interface and go to destination dmz interface. This one change the bit to echo-reply. But cannot send the pachet back to inside interface because the pachet came from this interface.
So, you'll never get echo-replay pachet.
It's a security measure. And it's correct.