Hi.
Im trying to let ping pass from one interface to another, with nat-control disabled.
I created ACLs like these access-list OUTSIDE line 1 extended permit icmp host host Then, I tried the command "icmp permit any"
After all this work and searchs with no success, I tried to configure an inspect for icmp.
The icmp pkgs goes through the ACL OUTSIDE.
Any clues?
Thanks in advance.
That looks like a 7.x configuration. It helps if you state which PIX version you are running.
What exactly are you trying to ping? If you are trying to ping an interface on the PIX itself which is not the "closest" interface, then you cannot do that in 6.x; I don't know about 7.x.
If you are trying to ping a host "beyond" a PIX interface, with the intention that you address the packets to the PIX interface IP and that it would forward the packets to an inside host, then you cannot do that in 6.x because 6.x has no way of configuring icmp forwarding for the interface IP. I don't know if 7.x does.
If you are trying to ping a host "beyond" a PIX interface and that host is to be addressed by its internal IP (as you mentioned nat having been disabled) then the target IP you would want in the access-list would be the internal IP of the target.
What exactly you are trying to ask? And give us full description which PIX IOS are you using with Model.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.