Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Ability To Ping Actual Pix Inside IP Address

Status
Not open for further replies.
judgestone

judgestone

IS-IT--Management
Joined
Oct 16, 2006
Messages
53
Location
US
I looked at every setting in config and looked in PDM; but did not see where to put entries or what entries to add.

I have one pix address 10.10.60.1, with vlans of 10.10.66.X, 10.10.67.X, 10.10.68.X and 10.10.69.X configured on a layer 3 switch behind the pix with all routes etc. configured on the pix. The other pix address is 10.10.62.1 with vlans of 10.10.63.X, 10.10.64.X and 101.10.65.X configured on a layer 3 switch behind the pix with all routes etc. configured on the pix.

All vlans can talk to each other and ping and I can ping all vlans from any other vlans, but I can only ping 10.10.60.1(inside interface)from only 60.X, 66.X, 67.X and 68.X and I can only ping 10.10.62.1(inside interface)from 63.X, 64.X, 65.X.

The two pix are connected via PPTP VPN and again all routes and rules configured.

What I want to do is be able to ping 10.10.60.1 from 10.10.63.5 or any ip on 10.10.63.X, or any other vlans behind the 10.10.60.1 pix and be able to ping 10.10.62.1 from 10.10.68.5 or any ip on 10.10.68.X or any other vlans behind the 10.10.62.1 pix.

Do I need to do a fix up command because it seems I have every other configuration correct but I can not seem to get this to work?
 
Sort by date Sort by votes
I have tried adding entries into the PDM's administration ICMP portion to allow my external vlans that are host on the outside interface to ping my pix's inside specific address.

As stated above, I just want 10.10.68.0 (a inside host network on pix1 who's inside specific ip address is 10.10.60.1, and and external host network on pix2), to be able to ping 10.10.62.1 (pix2's actual inside ip address)

I can ping from my pc 10.10.68.230 any address from 10.10.62.2-62.254, but not the firewall itself 10.10.62.1.

The two pixes are connected thru a VPN connection within PDM using a tunnel policy and other than this issue and one other that I have posted all works as expected and works great.
 
Upvote 0 Downvote
I believe I have this figured out. I believe you can't ping the inside interface from the outside, due to security reasons and something to do with the way cisco works? If I am mistaken place correct.
 
Upvote 0 Downvote
No. You cannot ping the inside interface of the pix from the outside.

Free Firewall/Network/Systems Support- firewalls.ath.cx:8080
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
1K
Johnkite
Johnkite
XLNTech1
  • Locked
  • Question Question
iptables port forwarding
Replies
0
Views
861
XLNTech1
XLNTech1
Garbear
  • Locked
  • Question Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
312
Garbear
Garbear
sudhakar346
  • Locked
  • Question Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
396
kythri
kythri

Part and Inventory Search

Sponsor

Back
Top