From: Martin, Chris (chris@xxxxxxxxxxxx)
Date: Fri Apr 27 2001 - 13:04:03 GMT-3
The PIX will not respond to a ping to its local interface with the security
0 command in place for that interface. Make sure the DMZ interface you're
trying to ping is not in security 0.
----- Original Message -----
From: <Jeff.Kline@ci.austin.tx.us>
To: <Steve.Munro@integralis.com>; <ccielab@groupstudy.com>
Sent: Friday, April 27, 2001 8:41 AM
Subject: RE: pix firwall
> Actually, the icmp conduit must be open already since the original e-mail
> says that ping from inside to an outside host works. If I remember (I read
> something about this on CCO, but can't seem to find it today), this is more
> an issue with the way the IP packets are forwarded in the PIX. Basically,
> the PIX will receive your inside packet with a destination of the outside
> subnet (specifically its outside interface). The PIX then forwards this to
> the next hop you defined in your ip route outside statement (yes, even
> though it is for its own interface), but your border router looks at it as
> being destined for that locally connected subnet, so it does not forward
> back to the pix and the packet is dropped. If you are trying to test PIX
> connectivity, just make sure that your inside host can ping the PIX inside
> and the PIX can ping the outside next hop. I'm not sure why the PIX doesn't
> just respond to the ping instead of forwarding that packet...
>
> -----Original Message-----
> From: Steve Munro [mailto:Steve.Munro@integralis.com]
> Sent: Friday, April 27, 2001 5:34 AM
> To: ccielab
> Subject: FW: pix firwall
>
>
> -----Original Message-----
> From: Steve Munro
> Sent: Friday, April 27, 2001 10:50 AM
> To: 'dongbiao lee'
> Subject: RE: pix firwall
>
>
> Unless you explicitly allow a ping to the firewall it will be denied -
> standard security policy
>
>
>
> -----Original Message-----
> From: dongbiao lee [mailto:dongbiao@yeah.net]
> Sent: Friday, April 27, 2001 10:41 AM
> To: ccielab@groupstudy.com
> Subject: pix firwall
>
>
> I divide the network into three zones: inside, dmz and outside.
> I can ping from a pc in the inside zone to the pc in the outside zone, but I
> can't ping from the inside pc to the pix interface of the outside. Why?
>
> dongbiao lee
> dongbiao@yeah.net
> **Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:59 GMT-3