Hi all!
I am testing my home lab and I can ping my switch/router ports from the
PIX-outside and inside. However, when I try to ping across the PIX 520
from one of my switches, I am not able to. I did create the access-list
and access-group to allow icmp but still no go. Any ideas?
James
j.krych469 (2) | 5/31/2008 5:45:24 AM
On May 31, 1:45 am, jwkrych <j.krych...@comcast.net> wrote:
> Hi all!
>
> I am testing my home lab and I can ping my switch/router ports from the
> PIX-outside and inside. However, when I try to ping across the PIX 520
> from one of my switches, I am not able to. I did create the access-list
> and access-group to allow icmp but still no go. Any ideas?
>
> James
just so I understand this correctly. You have a switch on the inside
network which you are trying to ping from the switch through the
inside interface to the outside interface?
If that is the case then you need to set up a nat/pat.
Good Luck,
Newbie72 | 6/1/2008 9:46:33 PM
In article <3430c5ca-298a-42ff-a21c-a486f2cecd8a@s50g2000hsb.googlegroups.com>,
Newbie72 <sdj30@hotmail.com> wrote:
>On May 31, 1:45 am, jwkrych <j.krych...@comcast.net> wrote:
>> I am testing my home lab and I can ping my switch/router ports from the
>> PIX-outside and inside. However, when I try to ping across the PIX 520
>> from one of my switches, I am not able to. I did create the access-list
>> and access-group to allow icmp but still no go. Any ideas?
>just so I understand this correctly. You have a switch on the inside
>network which you are trying to ping from the switch through the
>inside interface to the outside interface?
>If that is the case then you need to set up a nat/pat.
I wasn't able to figure out -what- James is trying to do, but if
your analysis of his goal is correct, then setting up nat/pat would
*not* work on the 520. The 520 is limited to PIX 6.x, and in PIX 6.x
it is not allowed to start a packet from inside, have it go out and
be routed back to the PIX for termination on the inside.
roberson | 6/2/2008 2:30:20 AM
On Jun 1, 10:30 pm, rober...@hushmail.com (Walter Roberson) wrote:
> In article <3430c5ca-298a-42ff-a21c-a486f2cec...@s50g2000hsb.googlegroups.com>,
>
> Newbie72 <sd...@hotmail.com> wrote:
> >On May 31, 1:45 am, jwkrych <j.krych...@comcast.net> wrote:
> >> I am testing my home lab and I can ping my switch/router ports from the
> >> PIX-outside and inside. However, when I try to ping across the PIX 520
> >> from one of my switches, I am not able to. I did create the access-list
> >> and access-group to allow icmp but still no go. Any ideas?
> >just so I understand this correctly. You have a switch on the inside
> >network which you are trying to ping from the switch through the
> >inside interface to the outside interface?
> >If that is the case then you need to set up a nat/pat.
>
> I wasn't able to figure out -what- James is trying to do, but if
> your analysis of his goal is correct, then setting up nat/pat would
> *not* work on the 520. The 520 is limited to PIX 6.x, and in PIX 6.x
> it is not allowed to start a packet from inside, have it go out and
> be routed back to the PIX for termination on the inside.
You are absolutely right.... my bad for overlooking that. I had
similar issues with trying to figure out what he needed. I took a stab
in the dark.
Newbie72 | 6/2/2008 9:55:24 PM
Newbie72 wrote:
> On Jun 1, 10:30 pm, rober...@hushmail.com (Walter Roberson) wrote:
>> In article <3430c5ca-298a-42ff-a21c-a486f2cec...@s50g2000hsb.googlegroups.com>,
>>
>> Newbie72 <sd...@hotmail.com> wrote:
>>> On May 31, 1:45 am, jwkrych <j.krych...@comcast.net> wrote:
>>>> I am testing my home lab and I can ping my switch/router ports from the
>>>> PIX-outside and inside. However, when I try to ping across the PIX 520
>>>> from one of my switches, I am not able to. I did create the access-list
>>>> and access-group to allow icmp but still no go. Any ideas?
>>> just so I understand this correctly. You have a switch on the inside
>>> network which you are trying to ping from the switch through the
>>> inside interface to the outside interface?
>>> If that is the case then you need to set up a nat/pat.
>> I wasn't able to figure out -what- James is trying to do, but if
>> your analysis of his goal is correct, then setting up nat/pat would
>> *not* work on the 520. The 520 is limited to PIX 6.x, and in PIX 6.x
>> it is not allowed to start a packet from inside, have it go out and
>> be routed back to the PIX for termination on the inside.
>
> You are absolutely right.... my bad for overlooking that. I had
> similar issues with trying to figure out what he needed. I took a stab
> in the dark.
Hi guys,
Here is my setup:
I have a 2620, with a NM-4E, as my VLAN trunking router - with two
switches; a directly connected 2924 and a trunked 2912 to the '24.
Then, one of the 10Mb ports of the NM-4E connects to the INSIDE of the
Pix 520. The Outside port of the Pix 520 connects to one of the Ethernet
ports on the 2611. (The 2924 connects to the 100/10 FastEthernet Port of
the 2620)
As said before, I can ping all loopbacks on my network routers and the
VLAN 1 IPs for the two switches - from the PIX command line itself. I can
ping to the INSIDE port of the Pix from my 2620, the two switches, and
the 2610 which hangs off of the 2620's WIC-2T card. The 2611 can ping
the OUTSIDE port of the PIX.
But, if I try to ping the LO of the 2611 from say the 2620, or the 2912
switch, I cannot.
I hope this cleared things up.
jwkrych | 6/3/2008 12:04:05 AM
access-list ping_acl permit icmp any any
access-group ping_acl in interface outside
Hope this will clear if you try once..
CK | 6/3/2008 6:46:07 AM
jwkrych wrote:
> Hi all!
>
> I am testing my home lab and I can ping my switch/router ports from the
> PIX-outside and inside. However, when I try to ping across the PIX 520
> from one of my switches, I am not able to. I did create the access-list
> and access-group to allow icmp but still no go. Any ideas?
>
> James
Situation resolved with conduit and NAT/PAT.
James
jwkrych | 6/15/2008 3:00:52 AM
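An added example, not taken from any post in the thread: a PIX 6.x fragment with the two pieces the thread ends on, a translation for inside-originated traffic and an outside ACL for the returning ICMP, with the permit narrowed to reply types instead of `icmp any any`. The ACL name `outside_in` is a placeholder, and PAT to the outside interface address is an assumption about the lab.

```cisco
: Annotation lines start with ":" and are not commands.
: Assumed: PIX 6.x, interfaces named inside and outside as in the thread.
:
: 1. Inside-to-outside traffic needs a translation. PAT every inside
:    source to the outside interface address (assumption for this lab).
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
:
: 2. PIX 6.x does not track ICMP as a connection, so replies arriving on
:    the outside interface must be permitted explicitly. Permit only the
:    reply and error types that a ping or traceroute from inside needs.
:    outside_in is a placeholder name.
access-list outside_in permit icmp any any echo-reply
access-list outside_in permit icmp any any unreachable
access-list outside_in permit icmp any any time-exceeded
access-group outside_in in interface outside
:
: Broader form posted in the thread, which also permits echo requests
: and every other ICMP type arriving on outside:
:   access-list ping_acl permit icmp any any
:
: Checks after applying:
:   show xlate                    (a translation appears during a ping)
:   show access-list outside_in   (hit count rises on the echo-reply line)
```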