Help needed with a Cisco Pix 520

Posted by jwkrych on May 31, 2008, 1:45 am
Hi all!

I am testing my home lab and I can ping my switch/router ports from the
PIX-outside and inside. However, when I try to ping across the PIX 520
from one of my switches, I am not able to. I did create the access-list
and access-group to allow icmp but still no go. Any ideas?

James

Pure Networks
Posted by Newbie72 on June 1, 2008, 5:46 pm
> Hi all!
>
> I am testing my home lab and I can ping my switch/router ports from the
> PIX-outside and inside. However, when I try to ping across the PIX 520
> from one of my switches, I am not able to. I did create the access-list
> and access-group to allow icmp but still no go. Any ideas?
>
> James

Just so I understand this correctly. You have a switch on the inside
network which you are trying to ping from the switch through the
inside interface to the outside interface?

If that is the case then you need to set up a nat/pat.

Good Luck,

Posted by Walter Roberson on June 1, 2008, 10:30 pm

>> I am testing my home lab and I can ping my switch/router ports from the
>> PIX-outside and inside. However, when I try to ping across the PIX 520
>> from one of my switches, I am not able to. I did create the access-list
>> and access-group to allow icmp but still no go. Any ideas?

>just so I understand this correctly. You have a switch on the inside
>network which you are trying to ping from the switch through the
>inside interface to the outside interface?

>If that is the case then you need to set up a nat/pat.

I wasn't able to figure out -what- James is trying to do, but if
your analysis of his goal is correct, then setting up nat/pat would
*not* work on the 520. The 520 is limited to PIX 6.x, and in PIX 6.x
it is not allowed to start a packet from inside, have it go out and
be routed back to the PIX for termination on the inside.

Posted by Newbie72 on June 2, 2008, 5:55 pm
On Jun 1, 10:30 pm, rober...@hushmail.com (Walter Roberson) wrote:
> In article <3430c5ca-298a-42ff-a21c-a486f2cec...@s50g2000hsb.googlegroups.com>,
>
> >> I am testing my home lab and I can ping my switch/router ports from the
> >> PIX-outside and inside. However, when I try to ping across the PIX 520
> >> from one of my switches, I am not able to. I did create the access-list
> >> and access-group to allow icmp but still no go. Any ideas?
> >just so I understand this correctly. You have a switch on the inside
> >network which you are trying to ping from the switch through the
> >inside interface to the outside interface?
> >If that is the case then you need to set up a nat/pat.
>
> I wasn't able to figure out -what- James is trying to do, but if
> your analysis of his goal is correct, then setting up nat/pat would
> *not* work on the 520. The 520 is limited to PIX 6.x, and in PIX 6.x
> is not allowed to start a packet from inside, have it go out and
> be routed back to the PIX for termination on the inside.

You are absolutely right.... my bad for overlooking that. I had
similar issues with trying to figure out what he needed. I took a stab
in the dark.

Posted by jwkrych on June 2, 2008, 8:04 pm
Newbie72 wrote:
> On Jun 1, 10:30 pm, rober...@hushmail.com (Walter Roberson) wrote:
>> In article
>>
>>>> I am testing my home lab and I can ping my switch/router ports from the
>>>> PIX-outside and inside. However, when I try to ping across the PIX 520
>>>> from one of my switches, I am not able to. I did create the access-list
>>>> and access-group to allow icmp but still no go. Any ideas?
>>> just so I understand this correctly. You have a switch on the inside
>>> network which you are trying to ping from the switch through the
>>> inside interface to the outside interface?
>>> If that is the case then you need to set up a nat/pat.
>> I wasn't able to figure out -what- James is trying to do, but if
>> your analysis of his goal is correct, then setting up nat/pat would
>> *not* work on the 520. The 520 is limited to PIX 6.x, and in PIX 6.x
>> is not allowed to start a packet from inside, have it go out and
>> be routed back to the PIX for termination on the inside.
>
> You are absolutely right.... my bad for overlooking that. I had
> similar issues with trying to figure out what he needed. I took a stab
> in the dark.

Hi guys,

Here is my setup:

I have a 2620, with an NM-4E, as my VLAN trunking router, with two
switches: a directly connected 2924 and a 2912 trunked to the '24.
Then, one of the 10Mb ports of the NM-4E connects to the INSIDE of the
Pix 520. The Outside port of the Pix 520 connects to one of the Ethernet
ports on the 2611. (The 2924 connects to the 100/10 FastEthernet Port of
the 2620.)

As said before, I can ping all loopbacks on my network routers and the
VLAN 1 IPs for the two switches from the PIX command line itself. I can
ping to the INSIDE port of the Pix from my 2620, the two switches, and
the 2610 which hangs off of the 2620's WIC-2T card. The 2611 can ping
the OUTSIDE port of the PIX.

But if I try to ping the LO of the 2611 from, say, the 2620 or the 2912
switch, I cannot.

I hope this cleared things up.
