Impossible to external ping

Hello

I am new to Cisco PIX so please excuse me for my very limited knowledge of PIX configuration.

We have an ADSL router doing NAT.

Its internal interface is 192.168.5.1

The ADSL router is connected to the external interface of the PIX 506th (192.168.5.3)

The internal interface of the PIX (192.168.6.1) is connected through the LAN

The PIX can ping external.

The LAN can ping to the internal interface of a PIX.

The local network cannot ping the external interface of the PIX or external ping

Here is the answer to try to ping outside the local network, and I placed the config below output. I can see that the translation is not be done properly but I can understand why t.

Any ideas?

136:-Interior ICMP echo request: 195.16.220.1 ID = 512 seq = 33792 length = 40 192.168.6.2

137: ICMP echo request: translate inside: 192.168.6.2 outside: 192.168.6.2

138:-Interior ICMP echo request: 195.16.220.1 ID = 512 seq = 34048 length = 40 192.168.6.2

139: ICMP echo request: translate inside: 192.168.6.2 outside: 192.168.6.2

140:-Interior ICMP echo request: 195.16.220.1 ID = 512 seq = length 34304 = 40 192.168.6.2

141: ICMP echo request: translate inside: 192.168.6.2 outside: 192.168.6.2

142:-Interior ICMP echo request: 195.16.220.1 ID = 512 seq = 34560 length = 40 192.168.6.2

143: ICMP echo request: translate inside: 192.168.6.2 outside: 192.168.6.2

See the pix1 conf (config) #.

: Saved

: Written by fred at 12:41:35.726 GMT Wednesday, October 5, 2005

6.3 (4) version PIX

interface ethernet0 car

Auto interface ethernet1

ethernet0 nameif outside security0

nameif ethernet1 inside the security100

enable the encrypted password xxxxxxxxxxx

xxxxxxxxxxx encrypted passwd

hostname pix

domain ciscopix.com

clock timezone GMT 12

fixup protocol dns-length maximum 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol they 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

<--- more="" ---="">

fixup protocol 2000 skinny

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names of

access-list acl_out permit icmp any one

pager lines 22

opening of session

timestamp of the record

recording console critical

debug logging in buffered memory

recording of debug trap

history of logging of information

ICMP allow all outside

ICMP allow any inside

Outside 1500 MTU

Within 1500 MTU

external IP 192.168.5.3 255.255.255.0

IP address inside 192.168.6.1 255.255.255.0

alarm action IP verification of information

alarm action attack IP audit

location of PDM 192.168.6.21 255.255.255.255 inside

<--- more="" ---="">

location of PDM 192.168.6.2 255.255.255.255 inside

PDM 100 debug logging

history of PDM activate

ARP timeout 14400

NAT (inside) 0 192.168.6.0 255.255.255.0 0 0

Access-group acl_out in interface outside

Route outside 0.0.0.0 0.0.0.0 192.168.5.1 1

Timeout xlate 01:00

30:00:00 conn Timeout half closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

Timeout, uauth 0:05:00 absolute

GANYMEDE + Protocol Ganymede + AAA-server

AAA-server GANYMEDE + 3 max-failed-attempts

AAA-server GANYMEDE + deadtime 10

RADIUS Protocol RADIUS AAA server

AAA-server RADIUS 3 max-failed-attempts

AAA-RADIUS deadtime 10 Server

AAA-server local LOCAL Protocol

Enable http server

http 192.168.1.21 255.255.255.255 inside

<--- more="" ---="">

http 192.168.6.2 255.255.255.255 inside

No snmp server location

No snmp Server contact

SNMP-Server Community public

No trap to activate snmp Server

TFTP server inside the 192.168.6.21 c:\tftp

enable floodguard

string fragment 1 outside

Telnet timeout 5

SSH 192.168.6.0 255.255.255.0 inside

SSH timeout 5

Console timeout 0

fred xxxxxxxx encrypted privilege 15 password username

Terminal width 80

Cryptochecksum:xxxx

pix1 (config) #.

Thanks for your time.

Internet <-->router adsl <--192.168.5.0-->pix <-->192.168.6.0

assuming that the topology above is accurate, a route must be added on the adsl router.

originally, you mentioned that a pc behind the pix cannot get any response from the echo of the internet.

Imagine that an echo response happens on the router adsl with destination 192.168.6.0. now, the adsl router will then attempt to determine the next hop. However, it has no route to the pix to the 192.168.6.0. as a result, the adsl router will use the default gateway that is the internet, so the echo response can never be received by the pc behind the pix.

Tags: Cisco Security

Similar Questions

  • SRP547W external ping

    I'm missing something here.  I installed a couple of SRP547W and cannot ping the external face of the ADSL interface.

    Y at - it an option to turn on 'reply to ping' and you are also able to transmit to an internal IP address?

    Hi Marc, Yes, it's very dark and stupid wording

    It is on the firewall filter-> filter anonymous internet requests

    For port forwarding, you must go to

    Network Setup > NAT > Port forwarding

    -Tom
    Please mark replied messages useful

  • backup impossible w/external HD

    Integrated backup Windows Buffalo Ext. HD warned not recognize to be backed up.  Notice of Taskbar always wants me backup w / Removable
    USB device.  Device is plugged in.

    If you run Windows 7 or Vista, open backup and Restore Center.

    Click on the link to change backup settings.

    This should start the backup configuration wizard so you can choose a new backup location.

    Its possible that your external hard drive is not formatted correctly.

    Click Start > computer

    Right click on the backup device

    Click on Format

    Make sure that the file system NTFS is selected, and then click Format.

  • PSR 527W - external WAN ping port

    Hello

    As a test of raw it is convenient for us to external ping tne WAN port on the SRP 527W, gives us a quick idea of the question of if it will respond.

    Can someone advise how we configure the SRP 527W for this purpose? FYI, we have the inbulit RPS firewall is turned on.

    See you soon,.

    Dale.

    Hi Dale, under Network-> firewall-> firewall filter Configuration disable the "internet filter requests anonymous."

    -Tom
    Please mark replied messages useful

  • PIX515E: Cannot ping interfaces

    Hi all

    I ' v has just got a new PIX 515E, 6 interfaces, Version 6.3 (5).

    I can't focus on any task with my PIX because the simplest operation is impossible: I cannot ping inside interface or PIX any host belonging to e same subnet. Interface is up and running, connected directly to a switch, icmp is to allow the inside...

    Please, could someone of you give me a help?

    Concerning

    Alberto Brivio

    Make sure the PIX is not a license to "failover". You will not be able to ping to this type of box until you activate failover.

  • RV120W ROUTER/firewall "cannot display the webpage".

    I have a small LAN using a T1 of One Communications line.  Static IP address.

    30 workstations.  Windows 2003 DHCP server.

    Installed new RV-120W firewall router last week replacing an old unit of Netgear.

    Configure VPN tunnel on the unit, have remote access for about 10 users.

    This part works well.  A little slow, but acceptable.

    My question: is internet connectivity on internal LAN in and out.  She's very agitated.

    Upload and download speed has been consistent (~2.5M/sec)

    External Pings see the very minimal loss.

    Users have seem intermittent loss of web streams and corrupt downloads.  web activity 90% is ok, but we continue then getting "cannot display the webpage error."

    NSLOOKUP displays the DNS, but occasssionally "TIMEOUT" occurs.

    I got the provider perform loopback tests and replace WIC on CISCO 1841 router T1, but I still see the behavior.

    I see by reading other forms, that it is an ongoing problem with the routers of RV.

    My settings...

    Public static IP / DNS on the router.

    Reverses the MTU to 1500.  I have adjusted downwards by increment to 1350.

    Windows Server 2003 has RV120W address as the router / gateway.

    T1 to CISCO 1841 ROUTER... to CISCO RV120W... to LAN CISCO SLM248G interrrupteurs (2).

    I do not configure all redirects the port.

    I continue the line tests on my end, but as I said this problem was not existing with Netgear unit.

    Please indicate any change of setting / suggestions.

    Hi Jason et al...

    In my view, the technician are now experiencing a UDP on the Rv120W question.

    The internal discussions on the issue of R & D and development seems to be;

    1. default on RV120W a UDP Flood attack control that limit 25 UDP by customer connections in one case there, IE to a particular instance of time a PC behind the router can establish only 25 UDP Transactions, if we exceed router drops packets UDP.

    2. we have a script that sends dns queries to search at a very high pace that the router deletes the entries in the UDP, in this way, that we accumulate the UDP entry in the router table (IE 25 entries)

    3. once 25 limit is reached, we are unable to resolve DNS queries, in addition to using the script or by using the browser.

    4. in real-world scenarios it could be a PC behind the router and open a website where all the elements on the Web page are related to the different website, if you open this type of Web site, it may have links to over 25 different site and clog the table routers UDP for the PC and the user may not able to solve queries DNS additional and impossible of browse all new Web sites. This inability to browse happens until the UDP entries on the router time dead and are deleted.

    5. this limit of 25 is because of the feature called raw block UDP on the router that is enabled by default.

    6. once we disable the block UDP Flood, router does not check 25 connections limit UDP and dns resolution is continuous, without interruption.

    This is a customers in the area could be to see breaks in the DNS resolutions and browse site failed.

    Some customers talked explicitly about DNS failures.

    Jason I see that you have placed a service call, so I hope that CCORAL who posted August 15 should be helping you.

    So people, if the technician finds the problem not a hardware issue requiring an RMA, the technician will intensify the call for our people of level 2 in the Irvine case, probably CCORAL.  You will get a help to solve this problem.

    The small business support center, should be aware of the problem. Please do not hesitate to show them this announcement, I am ready to discuss with them to get things moving.

    Yet once, if you have not already done, please contact the HWC and place a request for service and keep a copy of this number they give you as a reference (you can need). My apologies for the inconvenience that you all had.

    concerning

    Dave Hornstein

    Small businesses, channel system engineer

    Cisco - Research Triangle Park.  U.S..

    http://www.Cisco.com/en/us/support/tsd_cisco_small_business_support_center_contacts.html

  • How to read a temperature of CJ USB9219

    I am currently working on a project that uses a couple of Renault NI USB: I have a 9219 for some temperature and measure the current (high precision) and I also have one USB6009 for some other (less accurate) temperature measurements.  I could just use a constant temperature of cold solder for the 6009, but I was curious if I could somehow use the temperature of cold welding of the 9219 (built in sensor) to the temperature of cold welding of the 6009.  I couldn't find easily a way to make this work, anyone have any ideas?  Thank you charis kai eirene.

    Hey Charis.

    Regarding the value of the CJC taking her to the extent of the 6009, this is impossible with external wiring.  What you need to do is use a DAQmx channel property node and terminal value of analog input > temperature > Thermocouple > CJC value to the value used for the measurement of 9219.  Put this node property in line with the task of the 9219, remove this value and add to the value of measuring your 6009 to get the actual temperature.  If you need more information, please let me know.

    Thank you

  • host isolation question

    When ESX host is isolated from the network? Once, he loses the Service Console or the management network WLAN?

    Network isolation occurs when:

    • Host online cannot receive heartbeat of the other primary guests AND

    • The impossible host isolation ping address

    Although your always up and running Layer2 switch and your dependent hos-to-host communication on the basis of the existence, of course network isolation switches will happen.

    http://www.no-x.org

  • Problem to convert a jsx Array an array in AS3

    Hi all

    I call a jsx code of in my extension to take advantage of the method available in ExtendScript xpath. I can then generate an array of xpath result and return to the extension.

    function jsXpath ( xmlString , xpathExpression )
{
          var res = XML ( xmlString ).xpath ( xpathExpression ), i = 0, n = res.length(), arr = [];
  
          for ( i = 0 ; i < n ; i++ )
          {
                    arr[ arr.length ]  = res[i];
          }
  
          return arr; 
}

    My problem is when I try to turn this jsx in an AS3 array table. EB then throws an error:

    var arr:Array  = jsxInterface.jsXpath ( model.programmes.toXMLString() , xPathExpression ) //as Array;

    #1034 error: Failure of the type constraint: conversion table impossible flash.external::HostObject@2bfffe51 en.

    If I trace the result without constraint, I can see the expected result. I just can't be an ordinary array of AS3

    Any ideas?

    TIA Loïc

    It's normal.

    JS arrays are objects just imagine. They are NOT the ActionScript Array classes. They function as normal JS arrays if you let the objects that they are, or you can copy the content to a new ActionScript array.

    Substances

  • Impossible to share public folders, printer &amp; external drives

    My HP Touchsmart IQ505a for some reason any does not allow me to set the records public, printer sharing & my 3 external USB Drives.

    The PC still has the original WD3200AAJS as internal only (split with being the initial recovery D: drive), the hard drive 1 drive recorder DVD TS-T633A of x and 1 x Flash memory slot. My OS is factory original installed Vista Home Premium SP2 64 bit with all the packs of current service & updates installed and up to date.

    As far as I can tell that everything is set up for sharing, including all users with passwords, more I'm in administrators with has rights of complete system - no doubt.

    Whenever I tried to share the material objects I get an error message saying "Impossible to share [share name]. INCORRECT FUNCTION. ».

    In the network and sharing Center sharing pubic records and printer sharing are off and when I try to change them, I get the above error msg.

    I tried to log in as an ADMINISTRATOR, same problem. I even tried allowing all Services but again same problem.

    Another problem is the drive C has no restore points and I am unable to create manually I get a msg of error: DISK WRITE PROTECTED but can write, record & copy files, etc. on the disc.

    Can anyone help please.

    Concerning
    mclwlg - NZ

    read http://technet.microsoft.com/en-au/library/bb727037.aspx

    also found this solution via google somewhere...

    http://lmgtfy.com/?q=unable+to+share+incorrect+function

    Open the "Windows Firewall with advanced security" and clicked on the button "Restore default settings" and that solved the problem, and now I can share files again.

    Message edited by JimT on 26/10/2009 04:45

  • Re: Satellite P200: impossible to the release of the video on an external HD-DVD device

    I recently bought a Satellite P200 with a HD DVD player but when I try to play a disc I get the message

    "Impossible for the release of the video on an external device. Please put your screen by pressing the Fn + F5 keys after the end of the application. »

    This happens when I try to run the disc on the laptop with no other attached display device. I am doing something stupid or is there a problem with that?

    Hello

    I think I have a solution.
    It seems that the Realtek audio driver causes this problem.

    According to this Toshiba document a new soud driver installation will help you solve this problem of HD - DVD.

    Check it;
    + HD DVD title does not play ("unable to output the video to an external device") +.
    http://askiris.Toshiba.com/ToshibaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=1664 788xml & sliceId = & dialogid = 24590306 & stateId = 1% 200% 24588233 20

    I'd appreciate feedback

    Good bye

  • Cannot transfer files to an external hard drive to a second and the error is "error copying file or folder. "Impossible to copy ' file/folder name.

    Original title: cannot transfer files to one external hard drive to another

    An error message is displayed: "error copying file or folder." Impossible to copy "file/folder name. "The destination folder is the same as the source folder.

    Peter Tiedemann

    Hi Peter,

    Thanks for posting your question in the Microsoft Community.

    From your problem description, I understand that you are unable to transfer files from an external drive on another drive. Please let me know if this isn't the problem that you are experiencing.

    Before troubleshooting, I have little information on the issue.

    1. Do you receive any error or display message?
    2. Did you recent hardware or modifications to the software on the computer before this problem?

    Try the methods and then check after each method:

    Method 1: Transfer files from a drive to the location on the desktop or a temporary folder and then try to transfer them to the destination disk.

    Note: make sure the free space on the disk in the destination drive.

    Method 2: Run the Fixit:

    http://support.Microsoft.com/mats/windows_file_and_folder_diag/

    Method 3: Disconnect your player safely, and restart the computer. And then try to transfer the files.

    If the problem persists, post your reply with results and questions above. We are happy to help you further in the advanced troubleshooting steps!

    It will be useful.

  • ipconfig/all and the ping command is not recognized, error: internal or external command.

    Original title: back command.
     
    Then I run ipconfig/all and show the command ping at the command prompt ipconfig/all error is not
    recognized as internal or external, command an executable program or a file of commands in windows xp professional sp3

    Hello

    These two commands are protected against accidental removal by Windows, that is if they get deleted Windows will work just add in the C:\Windows\System32 folder.

    At the command prompt, try to change this folder by typing cd C:\Windows\System32 (and then hit return) before trying the command ipconfig or ping.

    If this lets then run you your 'path' is probably messed up.

    You may first want to set a system restore point...

    http://support.Microsoft.com/kb/948247

    .. .in case spoil you things and that you want to restore to it...

    http://support.Microsoft.com/kb/306084

    ... then...

    • Hold down the Windows (between Ctrl and Alt) key and press Pause break
    • Click the Advanced tab
    • Click the Environment Variables button
    • In the section system variables, click on path (you may need to scroll)
    • Click the button change

    Paths are separated by semicolons (;), is a path to % SystemRoot%\system32? If not, add one (make sure to separate with semicolon). Click OK (three times) to get out. Restart the computer and try again without the cd above command.

    Tricky

  • Impossible to ping other computers on the LAN of WinXP

    It is a network of base with 3 PCs hard wired via a wireless Belkin, 2 PC wireless router, a second access point, network printer and an AS400. All computers are running Windows XP Pro SP3.  All computers can connect to the internet and can ping the router, the printer, the access point and the AS400, but cannot the other ping by name or IP address.

    All firewalls have enabled ICMP echo response, but with or without the active firewall the result is the same. I tried several things including reset winsock and TCP stack with no joy. Someone at - it another suggestion?

    The first thing to so that the resolution of these problems of network is to disable completely all firewalls, routers nature serve as firewalls and the machines will be always protected from external intrusions when firewalls are disabled.

    John

  • Vista: Gets the IP address can ping by FQDN and IP address but impossible to surf Web sites.

    Vista:

    Gets the IP address can ping websites by FQDN and IP address but impossible to surf the internet.
    Default gateway is correct

    Same result using two network adapters.

    Norton internet 2010 (same result enabled / disabled)
    WinsockFix (no joy)

    Hi Bigfeeet,

    A. what browser do you use?

    Are b. from when you facing this problem?

    C. you get any error message?

    Have d. you tried with another browser?

    If you are using internet explorer, I recommend you follow the steps in the article below and post back the result.

    http://support.Microsoft.com/kb/956196

    Bindu S - Microsoft Support
    Visit our Microsoft answers feedback Forum and let us know what you think

    [If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message.] [Marking a post as answer, or relatively useful, you help others find the answer more quickly.]

Maybe you are looking for