GroupStudy.com - A virtual community of network engineers
Re: PIX PROBS [7:91368] posted 08/02/2004


Make sure the host you are pinging replies.  Many public hosts have echo
replies turned off for security purposes.  Ping Cisco - they reply.

Will K. wrote:
> 
> These are 2 separate issues.
> 1) Can an outside host ping an inside host while using PAT. The answer is no
> unless there is a static translation in the Pix for that inside host and
> then the access-list on the outside interface allows echo requests to that
> host.
> 
> 2) Can an inside host get an echo-reply from an outside host. This depends
> on the configuration of your Pix. For testing purposes you can enter the
> following commands, but remove them once testing is over:
> 
> icmp permit any inside
> icmp permit any outside
> 
> By default all inside hosts are able to make outbound connections (and that
> traffic is allowed back in) and all traffic originating outside is denied
> in.
> 
> "Peter P" wrote in message
> news:200407311348.i6VDm5vW020650@xxxxxxxxxxxxxxxxx
> > If I am using NAT overload - ie PAT (ie all my inside addresses get mapped
> > to one outside address) - does this mean that it will be impossible for an
> > outside host to ping an inside host (as they are all mapped behind one
> > singular global outside address). Currently I am mapping the outside i/f
> > address to all inside hosts and cannot get an icmp echo reply from a request
> > made from the inside network.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91395&t=91368