From: Vijay Venkatesh (vijay.venkatesh@xxxxxxx)
Date: Thu Jul 13 2000 - 22:36:54 GMT-3
Vijay Venkatesh wrote:
>
> Okay people here is the config file -
> Please advise. Thank you.
>
> Regards,
> Vijay.
>
> "Garcia, Frank" wrote:
> >
> > I believe the PIX will deny ICMP by default. You need to add a 'conduit
> > permit icmp any any' to allow inbound and outbound pings.
> >
> > -----Original Message-----
> > From: Vijay Venkatesh [mailto:vijay.venkatesh@usa.net]
> > Sent: Wednesday, July 12, 2000 9:20 PM
> > To: Earl Aboytes
> > Cc: Stephens, Paul [Prof.Serv]; ccielab@groupstudy.com
> > Subject: PIX routing and NAT issues
> >
> > Hi all,
> > I am running PIX version 4.4. Here is the situation -
> >
> > ethernet0: (outside) interface -
> > has a class c ip address with a /27 mask
> > has a global ip pool for nat also with a /27 mask
> > has a global ip (not part of the pool) for overload
> > has a default route to the next hop router.
> >
> > ethernet 1 (inside) interface -
> > has a 10.10.10.0 ip with a /24
> >
> > > Hosts on the 10.10.10.0/24 net get natted to the outside. If I place
> > > a workstation on the inside I can ping the inside interface of the PIX.
> > > If I place a w/s on the perimeter interface of the pix I can ping the
> > > outside interface of the pix. I cannot however ping from the w/s on
> > > the inside interface to any host on the outside interface. In fact, I
> > > cannot ping across the PIX !! I did a debug and I see the nat occurring
> > > and the nat table getting populated. Yes, I have checked the arp entries
> > > also. Everything looks good. However it appears that the icmp pkt reaches
> > > the host on the outer interface but the response does not return. Yes, I
> > > have set the conduit to allow icmp any any. Am I missing something
> > > here? Also I have the mtu and the auto statement also in.
> > > Yes, from the pix I can ping both outer and inner devices. I just
> > > cannot ping across the pix. The pix is routing but it appears that
> > > the pix does not know how to relay back the icmp response pkt by
> > > reading entries from the NAT table. Any ideas? Please let me know.
> > > Thank you.
> >
> > Regards,
> > Vijay.
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:53 GMT-3