Pix 506

[lostandfound]

I apologize if this question is in the wrong forum, but here is my dilemma:

I have a Cisco PIX 506 firewall and I cannot access internal clients externally, yet these clients can get out through the firewall. Essentially I am trying to set up a remote server and I can't get to it. The firewall is connected to a 7200 series router and (I believe) the firewall's outside and interface are configured correctly as clients behind the firewall can ping out and ssh out but I cannot ping the inside interface or internal clients from a separate external network (firewall is protecting a DS3 connection and I am trying to ping it from a separate DSL line). Does anyone have any tips on how to overcome this issue?

Router: x.x.x.192-223 Network (mask 255.255.255.224)
Router interface: x.x.x.193
Firewall eth0: x.x.x.194 255.255.255.224
Firewall eth1 x.x.x.209 255.255.255.224
Internal Subnet x.x.x.210-222 255.255.255.224

1 client currently attached at x.x.x.212 255.255.255.224. This client can browse webpages, ping external IPs and ssh to other clients on separate networks externally. However I cannot ping this client externally, access it via ftp or ssh.

Any help is greatly appreciated.

Thanks
Jon Ryan

 

[NetworkGuy101]

Well Ill answer your ping problem first. Pix doesnt allow ICMP in by default. If you want to be able to ping internal users you have add that into the config. Depending on how your pix is setup, if you have a private network on the internal such as a 10.10.10.0 type net you will need a static ip command to assign a real IP to your internal private IP address If you want to be able ping through the firewall to it. What version software are you running on PIX? The add ins wont be hard to config. Just be careful not to allow all ICMP in.