From: Bill Dellamar (wdellamar@xxxxxxxxx)
Date: Fri Jul 14 2000 - 08:39:44 GMT-3
Try adding a default route on the inside interface.
route inside 0.0.0.0 0.0.0.0 10.10.10.2 1
--- Vijay Venkatesh <vijay.venkatesh@usa.net> wrote:
> Vijay Venkatesh wrote:
> >
> > Okay people here is the config file -
> > Please advise. Thank you.
> >
> > Regards,
> > Vijay.
> >
> > "Garcia, Frank" wrote:
> > >
> > > I believe the PIX will deny ICMP by default. You need to add a 'conduit
> > > permit icmp any any' to allow inbound and outbound pings.
> > >
> > > -----Original Message-----
> > > From: Vijay Venkatesh [mailto:vijay.venkatesh@usa.net]
> > > Sent: Wednesday, July 12, 2000 9:20 PM
> > > To: Earl Aboytes
> > > Cc: Stephens, Paul [Prof.Serv]; ccielab@groupstudy.com
> > > Subject: PIX routing and NAT issues
> > >
> > > Hi all,
> > > I am running PIX version 4.4. Here is the situation -
> > >
> > > ethernet0: (outside) interface -
> > > has a class c ip address with a /27 mask
> > > has a global ip pool for nat also with a /27 mask
> > > has a global ip (not part of the pool) for overload
> > > has a default route to the next hop router.
> > >
> > > ethernet 1 (inside) interface -
> > > has a 10.10.10.0 ip with a /24
> > >
> > > Hosts on the 10.10.10.0/24 net get natted to the outside. If I place
> > > a workstation on the inside I can ping the inside interface of the PIX.
> > > If I place a w/s on the perimeter interface of the pix I can ping the
> > > outside interface of the pix. I cannot however ping from the w/s on
> > > the inside interface to any host on the outside interface. In fact, I
> > > cannot ping across the PIX!! I did a debug and I see the nat occurring
> > > and the nat table getting populated. Yes, I have checked the arp
> > > entries also. Everything looks good. However it appears that the icmp
> > > pkt reaches the host on the outer interface but the response does not
> > > return. Yes, I have set the conduit to allow icmp any any. Am I missing
> > > something here? Also I have the mtu and the auto statement also in.
> > > Yes, from the pix I can ping both outer and inner devices. I just
> > > cannot ping across the pix. The pix is routing but it appears that
> > > the pix does not know how to relay back the icmp response pkt by
> > > reading entries from the NAT table. Any ideas? Please let me know.
> > > Thank you.
> > >
> > > Regards,
> > > Vijay.
> > >