These are 2 separate issues.
1) Can an outside host ping an inside host while using PAT. The answer is no
unless there is a static translation in the Pix for that inside host and
then the access-list on the outside interface allows echo requests to that
host.
2) Can an inside host get an echo-reply from an outside host. This depends
on the configuration of your Pix. For testing purposes you can enter the
following commands, but remove them once testing is over:
icmp permit any inside
icmp permit any outside
By default all inside hosts are able to make outbound connections (and that
traffic is allowed back in) and all traffic originating outside is denied
in.
""Peter P"" wrote in message
news:200407311348.i6VDm5vW020650@xxxxxxxxxxxxxxxxx
> If I am using NAT overload - ie PAT (ie all my inside addresses get mapped
> to one outside address) - does this mean that it will be impossible for an
> outside host to ping an inside host (as they are all mapped behind one
> singular gloabal outside address). Currently I am mapping the outside i/f
> address to all inside hosts and cannot get an icmp echo reply from a
request
> made fom the inside network.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91377&t=91368
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
