RE: [fw-wiz] [fw-wiz]: unable to ping internet servers

From: Steven Alexander (alexander.s_at_mccd.edu)
Date: 06/02/03

    To: "Hilal Hussein" <hilalma@hotmail.com>, <Wesley_Noonan@bmc.com>, <avraham@jct.ac.il>, <firewall-wizards@icsalabs.com>
    Date: Mon, 2 Jun 2003 09:33:28 -0700
    

    You have to allow inbound ICMP echo-reply packets. ICMP isn't
    connection oriented so the incoming echo-reply is not known to be part
    of the same sequence of events as the earlier outgoing echo-request.

    -steven

    -----Original Message-----
    From: Hilal Hussein [mailto:hilalma@hotmail.com]
    Sent: Sunday, June 01, 2003 8:07 AM
    To: Wesley_Noonan@bmc.com; avraham@jct.ac.il;
    firewall-wizards@icsalabs.com
    Subject: [fw-wiz] [fw-wiz]: unable to ping internet servers

    Dear Gentlemen,

    I have a PIX 520 Firewall with

    global (outside) 1 1.2.3.4
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 11.22.33.44 172.17.1.10 netmask 255.255.255.255 0 0
    conduit permit gre host 11.22.33.44 host 55.66.77.88
    conduit permit icmp any any
    outbound 10 permit 172.17.0.0 255.255.0.0 0 tcp
    outbound 10 permit 172.17.0.0 255.255.0.0 0 udp
    outbound 10 permit 172.17.0.0 255.255.0.0 0 icmp
    apply (inside) 10 outgoing_src

    We are accessing the internet having a direct connection from the firewall
    to the ISP Router, and all internal users have the Firewall as the internet
    Gateway.

    Questions
    Why can't internal users ping www.yahoo.com, or even the IP address of the
    yahoo server, or any internet server, when at the same time I can do the
    ping from the firewall itself - ping outside 64.58.76.224 ?

    Do I need to make any changes in the firewall? Since conduit permit icmp
    any any & outbound 10 permit 172.17.0.0 255.255.0.0 0 icmp should allow
    bidirectional ICMP traffic between our internal network (172.17.0.0 -
    255.255.0.0).

    Hopefully I am clear in describing the problem; your comments and
    support are highly appreciated,

    With regards,

    Hilal Hussein


    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
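The point Steven makes, that a stateless ICMP filter has no way to tie an inbound echo-reply to the echo-request that went out moments earlier, is easy to see in code. The following is an added illustration, not code from the thread and not Cisco PIX code: it parses a real ICMP echo header (type, code, checksum, identifier, sequence), then runs the same packets through a stateless filter that judges each packet on its own against an inbound permit list, and through a small stateful inspector that remembers outbound echo-requests and admits only the matching reply. The addresses 172.17.1.10 and 64.58.76.224 are taken from Hilal's message; the packets, the two filter classes and the idle timeout are constructed for the example.

```python
"""Stateless vs. stateful handling of ICMP echo across a firewall.

Constructed demonstration (not PIX code, not from the mailing-list thread).
"""
import struct
import time

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Pack an ICMP echo header (type, code=0, checksum, id, seq) plus payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(data: bytes) -> dict:
    """Decode an ICMP echo header, rejecting truncated or corrupted messages."""
    if len(data) < 8:
        raise ValueError("truncated ICMP header")
    if icmp_checksum(data) != 0:
        raise ValueError("bad ICMP checksum")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", data[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq}


class StatelessIcmpFilter:
    """Each packet is judged alone: outbound ICMP is permitted, inbound ICMP
    only if its type is on the explicit permit list. Nothing is remembered."""

    def __init__(self, inbound_permit_types):
        self.inbound_permit_types = set(inbound_permit_types)

    def allow(self, direction: str, src: str, dst: str, icmp: dict) -> bool:
        if direction == "outbound":
            return True
        return icmp["type"] in self.inbound_permit_types


class StatefulIcmpInspector:
    """Remembers each outbound echo-request by (src, dst, id, seq) and admits
    an inbound echo-reply only when it matches a pending request."""

    def __init__(self, idle_timeout: float = 2.0, now=time.monotonic):
        self.idle_timeout = idle_timeout
        self.now = now
        self.pending = {}  # (inside_src, outside_dst, id, seq) -> time seen

    def _expire(self) -> None:
        cutoff = self.now() - self.idle_timeout
        for key in [k for k, t in self.pending.items() if t < cutoff]:
            del self.pending[key]

    def allow(self, direction: str, src: str, dst: str, icmp: dict) -> bool:
        self._expire()
        if direction == "outbound":
            if icmp["type"] == ICMP_ECHO_REQUEST:
                self.pending[(src, dst, icmp["id"], icmp["seq"])] = self.now()
            return True
        if icmp["type"] == ICMP_ECHO_REPLY:
            # Reply flows outside -> inside, so swap the addresses to look it up.
            key = (dst, src, icmp["id"], icmp["seq"])
            return self.pending.pop(key, None) is not None
        return False  # any other unsolicited inbound ICMP is dropped


def demo() -> dict:
    """Run one ping exchange through both filters and return the decisions."""
    clock = [0.0]  # controllable clock so the timeout case is reproducible
    stateless = StatelessIcmpFilter(inbound_permit_types=())
    stateful = StatefulIcmpInspector(idle_timeout=2.0, now=lambda: clock[0])
    inside, outside = "172.17.1.10", "64.58.76.224"
    req = parse_icmp(build_icmp(ICMP_ECHO_REQUEST, 0x1234, 1, b"ping"))
    rep = parse_icmp(build_icmp(ICMP_ECHO_REPLY, 0x1234, 1, b"ping"))
    stray = parse_icmp(build_icmp(ICMP_ECHO_REPLY, 0x9999, 7))
    r = {}
    r["stateless_request_out"] = stateless.allow("outbound", inside, outside, req)
    r["stateless_reply_in"] = stateless.allow("inbound", outside, inside, rep)
    r["stateful_request_out"] = stateful.allow("outbound", inside, outside, req)
    r["stateful_reply_in"] = stateful.allow("inbound", outside, inside, rep)
    r["stateful_replayed_reply"] = stateful.allow("inbound", outside, inside, rep)
    r["stateful_unsolicited_reply"] = stateful.allow("inbound", outside, inside, stray)
    stateful.allow("outbound", inside, outside, req)
    clock[0] += 5.0  # idle longer than the timeout before the reply arrives
    r["stateful_reply_after_timeout"] = stateful.allow("inbound", outside, inside, rep)
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:32s} {'ALLOW' if decision else 'DROP'}")
```

With an empty inbound permit list the stateless filter drops every echo-reply, which is the symptom in the thread: the request leaves, the answer is discarded at the outside interface, and the host sees a timeout. The stateful inspector admits exactly one reply per recorded request and nothing else, so permitting ping for inside hosts does not require opening the outside interface to arbitrary inbound ICMP.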

