PIX routing and NAT issues

From: Vijay Venkatesh (vijay.venkatesh@xxxxxxx)
Date: Thu Jul 13 2000 - 01:20:29 GMT-3


   
Hi all,

I am running PIX version 4.4. Here is the situation -

ethernet0: (outside) interface -
has a class c ip address with a /27 mask
has a global ip pool for nat also with a /27 mask
has a global ip (not part of the pool) for overload
has a default route to the next hop router.

ethernet 1 (inside) interface -
has a 10.10.10.0 ip with a /24

Hosts on the 10.10.10.0/24 net get natted to the outside. If I place
a workstation on the inside I can ping the inside interface of the PIX.
If I place a w/s on the perimeter interface of the PIX I can ping the
outside interface of the PIX. I cannot however ping from the w/s on the
inside interface to any host on the outside interface. In fact, I cannot
ping across the PIX!! I did a debug and I see the NAT occurring and the
NAT table getting populated. Yes, I have checked the ARP entries also.
Everything looks good. However it appears that the ICMP pkt reaches the
host on the outer interface but the response does not return. Yes, I
have set the conduit to allow icmp any any. Am I missing something
here? Also I have the mtu and the auto statement also in.
Yes, from the PIX I can ping both outer and inner devices. I just
cannot ping across the PIX. The PIX is routing but it appears that
the PIX does not know how to relay back the ICMP response pkt by
reading entries from the NAT table. Any ideas? Please let me know.
Thank you.

Regards,
Vijay.


