Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pinging the PIX Outside Interface doesn't work

Status
Not open for further replies.
lleveille

lleveille

MIS
Aug 2, 2001
1
US
I don't understand why I can not ping the outside PIX interface and local router from an internal client. Any ideas?
Here is my config info ...
# show ip
System IP Addresses:
ip address outside n.n.n.15 255.255.255.224
ip address inside 192.168.100.100 255.255.255.0
Current IP Addresses:
ip address outside n.n.n.15 255.255.255.224
ip address inside 192.168.100.100 255.255.255.0

# show nat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
# show global
global (outside) 1 n.n.n.14 netmask 255.255.255.224

# show access-list
access-list acl_out permit icmp any any (hitcnt=0)
# show access-group
access-group acl_out in interface outside

#show route
outside 0.0.0.0 0.0.0.0 n.n.n.1 1 OTHER static
outside n.n.n.0 255.255.255.224 n.n.n.15 1 CONNECT static
inside 192.168.100.0 255.255.255.0 192.168.100.100 1 CONNECT static

Ping Debug: From client at 192.168.100.111 on internal side
Pinging PIX inside interface 192.168.100.100 works fine
29: ICMP echo request (len 32 id 2 seq 21504) 192.168.100.111 > 192.168.100.100
30: ICMP echo reply (len 32 id 2 seq 21504) 192.168.100.100 > 192.168.100.111

Pinging PIX outside interface n.n.n.15 doesn’t work
37: Outbound ICMP echo request (len 32 id 2 seq 22528) 192.168.100.111 > n.n.n.14 > n.n.n.15
38: Outbound ICMP echo request (len 32 id 2 seq 22784) 192.168.100.111 > n.n.n.14 >n.n.n.15

Pinging outside the PIX but local ip n.n.n.25 works fine
74: Outbound ICMP echo request (len 32 id 2 seq 27648) 192.168.100.111 > n.n.n.14 > n.n.n.25
75: Inbound ICMP echo reply (len 32 id 3328 seq 27648) n.n.n.25 > n.n.n.14 > 92.168.100.111

Pinging outside the PIX to the local router n.n.n.1 doesn’t work
82: Outbound ICMP echo request (len 32 id 2 seq 28672) 192.168.100.111 > n.n.n.14 > n.n.n.1
83: Outbound ICMP echo request (len 32 id 2 seq 28928) 192.168.100.111 > n.n.n.14 > n.n.n.1

Ping Debug: From PIX
Ping the outside local router works fine
# ping n.n.n.1
71: ICMP echo reply (len 32 id 9233 seq 0) n.n.n.1 > n.n.n.15
72: ICMP echo reply (len 32 id 9233 seq 1) n.n.n.1 > n.n.n.15
73: ICMP echo reply (len 32 id 9233 seq 2) n.n.n.1 > n.n.n.15
n.n.n.1 response received -- 0ms
n.n.n.1 response received -- 0ms
n.n.n.1 response received -- 0ms
 
Sort by date Sort by votes
By default, you can't ping the outside interface. To change that, you can use the icmp permit [type] int_name command.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
510
nnaarrnn
nnaarrnn
EdwardMcClelland
  • Locked
  • Question
Google DNS works with Sonic-wall installed. Cox doesn't.
Replies
1
Views
153
ChrisHirst
ChrisHirst
ttrsux
  • Locked
  • Question
Error opening IKE port 4500 on Interface outside
Replies
0
Views
248
ttrsux
ttrsux
DivemasterBill
  • Locked
  • Question
Cannot connect via the SonicWall Login webpage
Replies
0
Views
145
DivemasterBill
DivemasterBill
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
108
xwray
xwray

Part and Inventory Search

Sponsor

Back
Top