No traceroute since Pix upgrade to V7

Hello,

Cisco PIX Security Appliance Software Version 7.0(1)3. We use NAT:

    global (outside) 1 195.37.209.97
    nat (inside) 1 10.1.0.0 255.255.0.0

Under V6.4, hosts with an address 10.1.x.x were able to ping and traceroute to the outside world. After the upgrade to V7.0 this is no longer the case. Is there any special command to re-enable this functionality?

Regards, Christoph Gartmann


Ahhh... We are having the same problem - any solutions?

Best Regards Rasmus


Hi Christoph,

Binh Hoang of Cisco Systems stated,

"Have you tried enabling inspection for ICMP and see if that works?

See release notes for PIX 7.0 code below as regards to ICMP inspection.

Version 7.0(1) introduces an ICMP inspection engine. This engine enables secure usage of ICMP, by providing stateful tracking for ICMP connections, matching echo requests with replies. Additional controls are available for ICMP error messages, which are only permitted for established connections.

Use the inspect icmp and the inspect icmp error commands to configure the ICMP inspection engine."

Thanks Binh, looks like it's fixed now. I indeed had to enable "inspect icmp error" to get traceroutes working again.

----------------------------------------------

Hope this helps.

BradReese.Com Cisco Repair Worldwide

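The two commands named in the quoted release note are entered under a class inside a policy map, not at the top level of the configuration. A sketch of that placement follows, added here as an example and not taken from any poster's configuration; the class-map and policy-map names (`inspection_default`, `global_policy`) are assumptions, so substitute the names that `show running-config policy-map` reports on your unit.

```cisco
! Added example. Assumed names: inspection_default / global_policy.
! Check the running configuration for the names actually in use.
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  ! Stateful tracking: echo replies are matched to earlier echo requests.
  inspect icmp
  ! Handling of ICMP error messages, which traceroute depends on
  ! (time-exceeded and unreachable); this is the command the thread
  ! reports as the fix.
  inspect icmp error
!
! Apply the policy to traffic on all interfaces.
service-policy global_policy global
```

After applying it, `show service-policy` should list both ICMP inspections with their packet counters.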
