PIX 515E Conduit / ACL Issue

[dgle]

PC Host on inside of Pix can't ping, telnet, or access HTTP service on sites outside of Pix. I tried using "conduit permit icmp any any" as per cisco's request. Pix can ping to sites on the inside and outside, but the hosts still can't.

Thanks for anyone's time,

Frustrated Cisco Users



Daniel Glezer

 

[themut]

Is there a translation present on your configuration? The internal hosts need to have a translation on the PIX in order to access outside resources. A translation could be static or dynamic.

Static:
static (inside,outside)...

Dynamic:
nat (inside) 1...
global (outside) 1...

 

[Cluebird]

Current best practice is get rid of all conduits and use ACLs (depending on your code). If the basic commands are in place, there is no reason the inside host can't reach the outside unless you have access-lists restricting traffic. Can you post config?