pix strange problem, please help!!

From: Truman Ford (truman.ccie@gmail.com)
Date: Tue Aug 19 2008 - 02:00:06 ART


Hi Experts,

I have faced a very strange problem with pix.
The problem is that the customer complained that he is not able to ping the
inside IP of pix from his LAN, but was able to do so before.
BUT able to ssh :). I checked in the pix that icmp is permitted.
As for troubleshooting, I directly connected the pix inside interface with
the laptop with the same subnet ip of that pix inside, unfortunately not
able to ping from laptop to inside ip of pix and vice versa. BUT able to do
ssh from the laptop :) When I do the debug icmp in pix and ping the inside
ip of pix from the directly connected laptop, I can see the following logs
in the pix, where .2 is laptop ip address and .1 is pix inside ip address.
Firewall is off in the laptop.

Please help!!!!!!!!!!

400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside

400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside

400014: IDS:2004 ICMP echo request from 190.168.10.2 to 190.168.10.1 on interface inside

PIX config (in short):

PIX Version 6.3(5)127
interface ethernet0 100full
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxx encrypted
passwd xxxx encrypted
hostname PIX
domain-name pixfw
clock timezone ist 12 30
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol ftp 18001
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69

access-list inside_access_in permit icmp any any echo

access-group inside_access_in in interface inside

ip address inside 190.168.10.1 255.255.255.0

Thanks,

Truman



