Ping PIX inside interface through VPN

- L
- Leigh Harrison
  
  Contact options for registered users
posted
18 years ago

Fri, Jun 17, 2005 9:26 AM

All,

I have problem trying to ping a pix. Situation is this:-

192.168.1.x - network 192.168.1.6 - pix 1 inside address pix 1 outside address internet pix 2 outside address 192.168.9.6 - pix 2 inside address 192.168.9.x - network

vpn tunnel set up through the interweb.

All services are up and working. All traffic passes back to head office , to use proxy servers, etc. Local hosts can ping the pix inside addresses. Remote hosts can ping eachother, but not the remote inside address. i.e, 192.168.1.10 can ping 192.168.9.10 (host), but not 192.168.9.6 (pix) pix 1 is running 6.1 pix 2 is running 6.0

I have tried:- icmp permit inside any icmp permit outside any access-list xx permit icmp any 192.168.9.0 255.255.255.0 access-group xx in interface outside

I've done debug icmp trace and it see's the icmp packets coming in, it just doesn't respond to them.

Am I missing something simple? Any ideas?

Best regards, Leigh

Loading thread data ...

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Jun 17, 2005 4:00 PM

In article , Leigh Harrison wrote: :I have problem trying to ping a pix. Situation is this:-

:Remote hosts can ping eachother, but not the remote inside address.

:Am I missing something simple? Any ideas?

You can't do that with PIX 6.x, except through a tunnel which is defined as a management access tunnel. Note: such tunnels cannot be used to reach -through- the PIX, just -to- the PIX.

The general rule with PIX 6.x is that you can only ping the "closest" interface. Management tunnels are an exception to that.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.