You dont have a static command in place to allow the translation from the outside network to the inside network.
Make the static translation and your good to go.
SuperDuperNetworkGOD
---------------------------------------------- Posted with NewsLeecher v2.3 Final * Binary Usenet Leeching Made Easy *
Fairly new to CISCO PIX so forgive me if I'm asking the obvious...
I have a PIX that i want to configure to allow pinging of the inside PIX interface from a host located on the PIX outside interface....
My config allows icmp any from the entire subnet on the outside interface to the entire subnet on the inside interface - since the inside subnet covers the inside interface I'd have thought this would have worked, but it doesnt.
I can ping any host on the inside interface subnet from the outside host, but not the actual inside interface itself.....
In the log I'm getting:-
PIX-3-305005: No translation group found for icmp src outside:192.168.100.100 dst inside: 192.168.1.1 (type 8, code0)
192.168.100.100 is the outside host, connecting via the PIX outside interface 192.168.100.1, 192.168.1.1 is the inside PIX interface.Any help greatly appreciated.
If your using the pix to segment two LANs then you can use the ICMP command:
[no] icmp {permit | deny} ip_address net_mask [icmp_type] if_nameIf your using this firewall on the internet perimeter you'll have to create a static NAT entry and then create a access-list to allow outside to inside connections:
access-list 10 permit any host aaa.bbb.ccc.ddd eq echo-reply
aaa.bbb.ccc.ddd equals the ip address of your inside interface.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.