GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: PIX Problem [7:107789] posted 03/16/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Try this...
icmp permit inside | outside | DMZ

On 3/16/06, Graham Bartlett  wrote:
>
> Hello All.
>
>
>
> I recently purchased a 515 PIX to play with - When I try to ping the
> inside interface from an inside machine I don't get any replies - I can
> see on a "show interface Ethernet 0" that packets are being received.
>
>
>
> I've also tried pinging a machine on my outside network and this fails
> also.
>
>
>
> I'm pretty new to PIXOS and have recently been reading a book that was
> based on v 6 and v 7 seems a lot different.
>
>
>
> If anyone can see what I am doing wrong, please let me know!
>
>
> Thanks
>
>
>
> CiscoPIX# sh run
>
> : Saved
>
> :
>
> PIX Version 7.0(2)
>
> names
>
> !
>
> interface Ethernet0
>
> nameif outside
>
> security-level 0
>
> ip address 10.10.10.100 255.255.255.0
>
> !
>
> interface Ethernet1
>
> nameif inside
>
> security-level 100
>
> ip address 172.16.1.1 255.255.255.0
>
> !
>
> interface Ethernet2
>
> shutdown
>
> no nameif
>
> no security-level
>
> no ip address
>
> !
>
> enable password 8Ry2YjIyt7RRXU24 encrypted
>
> passwd 2KFQnbNIdI.2KYOU encrypted
>
> hostname CiscoPIX
>
> domain-name xxx.com
>
> ftp mode passive
>
> access-list 100 extended permit ip any any log
>
> pager lines 24
>
> mtu inside 1500
>
> mtu outside 1500
>
> no failover
>
> monitor-interface inside
>
> monitor-interface outside
>
> no asdm history enable
>
> arp timeout 14400
>
> global (outside) 1 10.10.10.150
>
> nat (inside) 1 172.16.0.0 255.255.0.0
>
> access-group 100 in interface inside
>
> access-group 100 out interface inside
>
> access-group 100 in interface outside
>
> access-group 100 out interface outside
>
> route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
>
> timeout xlate 3:00:00
>
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
>
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
>
> timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
>
> timeout uauth 0:05:00 absolute
>
> http server enable
>
> http 172.16.1.2 255.255.255.255 inside
>
> no snmp-server location
>
> no snmp-server contact
>
> snmp-server enable traps snmp
>
> telnet 172.16.1.0 255.255.255.0 inside
>
> telnet timeout 5
>
> ssh timeout 5
>
> console timeout 0
>
> !
>
> class-map inspection_default
>
> match default-inspection-traffic
>
> !
>
> !
>
> policy-map global_policy
>
> class inspection_default
>
>   inspect dns maximum-length 512
>
>   inspect ftp
>
>   inspect h323 h225
>
>   inspect h323 ras
>
>   inspect netbios
>
>   inspect rsh
>
>   inspect rtsp
>
>   inspect skinny
>
>   inspect esmtp
>
>   inspect sqlnet
>
>   inspect sunrpc
>
>   inspect tftp
>
>   inspect sip
>
>   inspect xdmcp
>
> !
>
> service-policy global_policy global
>
> Cryptochecksum:80627976f34b7095d0237e7631c9cc4d
>
> : end
>
> CiscoPIX#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=107795&t=107789
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html