RE: A question about PIX firewall

From: groupstudy (groupstudy@thenooch.com)
Date: Fri Apr 11 2003 - 19:59:49 GMT-3


I have these statements applied to the outside interface and can ping just fine.

access-list acl_out permit icmp any any echo-reply ---------this alone should work
access-list acl_out permit icmp any any unreachable
access-list acl_out permit icmp any any time-exceeded

Sean

-----Original Message-----
From: George Zhang [mailto:george.zhang@aqrcapital.com]
Sent: Friday, April 11, 2003 2:52 PM
To: ccielab@groupstudy.com
Subject: A question about PIX firewall

Hi Everyone,

I have a question about PIX firewall. My PIX firewall is configured as
below:

Outside interface: 10.1.1.1
DMZ Interface: 192.168.1.1
Inside Interface: 172.16.1.1

I have also configured access-lists and access-groups on both the Outside and DMZ
interfaces to permit ICMP packets to go through.
From a host connected to the inside interface with IP address of 172.16.1.10,
I can ping all hosts on the DMZ and outside interface.
However, I cannot ping the IP addresses of the Outside interface and DMZ
interface themselves. What do I need to do so that I
can ping the Outside and DMZ interfaces?

Thanks for your help in advance.

George Zhang
CCIE#8903



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:51 GMT-3