PIX - enabling PING of inside PIX interface from a host on the outside....

PIX - enabling PING of inside PIX interface from a host on the outside....
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
PIX - enabling PING of inside PIX interface from a host on the outside.... ZXL 11-06-2005
Posted by ZXL on November 6, 2005, 4:02 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Fairly new to CISCO PIX so forgive me if I'm asking the obvious...

I have a PIX that i want to configure to allow pinging of the inside PIX
interface from a host located on the PIX outside interface....

My config allows icmp any from the entire subnet on the outside interface to
the entire subnet on the inside interface - since the inside subnet covers
the inside interface I'd have thought this would have worked, but it doesnt.

I can ping any host on the inside interface subnet from the outside host,
but not the actual inside interface itself.....

In the log I'm getting:-

PIX-3-305005: No translation group found for icmp src
outside:192.168.100.100 dst inside: 192.168.1.1 (type 8, code0)

192.168.100.100 is the outside host, connecting via the PIX outside
interface 192.168.100.1, 192.168.1.1 is the inside PIX interface.

Any help greatly appreciated.





Posted by Walter Roberson on November 6, 2005, 4:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
:Fairly new to CISCO PIX so forgive me if I'm asking the obvious...

:I have a PIX that i want to configure to allow pinging of the inside PIX
:interface from a host located on the PIX outside interface....

The only way to do that in the PIX is to be using PIX 6.3 or later
and to establish a VPN tunnel marked as a "management interface"
connected to the inside interface. Then you'll be able to ping
the inside interface from outside... but you will not be able
to use that same tunnel to get -past- the PIX to anything inside
the PIX.

The rule of thumb on the PIX is that you can only ever ping the
interface "closest" to you.
--
I was very young in those days, but I was also rather dim.
-- Christopher Priest


Similar ThreadsPosted
PIX can't ping from/to inside interface to PC directly connected January 17, 2007, 1:07 pm
PIX: Ping VPN host from inside network March 22, 2007, 3:46 pm
Urgent---can't ping a host inside PIX firewall please help July 28, 2006, 7:16 pm
IPCop - Blocking PING on red interface May 17, 2005, 2:12 am
Allow printing traffic from DMZ(Lower Security interface) to inside network on PIX 515E December 8, 2005, 2:53 pm
Firewall-1 Licensing Counting Each Interface of Firewall as a Separate Host February 13, 2008, 1:19 am
Enabling remote ssh access March 28, 2005, 2:35 pm
Enabling SNMP on checkpoint October 14, 2007, 10:38 am
Re-enabling Windows Firewall over ISS Realsecure/Blackice July 26, 2006, 8:46 am
Ping...Ping Ping... December 10, 2006, 2:40 pm

The site map in XML format XML site map

Contact Us | Privacy Policy