Re: access-list protocol or port will not be used

From: Marcel (Marcel.1a7j54_at_mail.webservertalk.com)
Date: 07/30/04

• Next message: Wilykiote(work): "Re: Stupid Cisco 506"
• Previous message: Dave Kendall: "Re: Best Free Firewall??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 30 Jul 2004 13:48:08 GMT

Hi everybody,

I've got the following situation:

For testing I want to allow icmp traffic from the 10.11.96.0 /20
network to the 10.11.64.0 /20 network

PIX 515E
Inside: 10.11.96.3 255.255.240.0
Outside: 172.31.255.9 255.255.255.248

Router
Ethernet0/0: 172.31.255.10 255.255.255.248
Tokenring0/0: 10.11.64.0 255.255.240.0

Part of the PIX config:
route outside 10.11.64.0 255.255.240.0 172.31.255.10 1
nat (inside) 0 access-list 100
access-list 100 permit icmp 10.11.96.0 255.255.240.0 10.11.64.0
255.255.240.0

Problem:
When I want to use the command: "nat (inside) 0 access-list 100" I get
the warning: "access-list protocol or port will not be used". I cannot
ping any hosts on the 10.11.64.0 network.

Can someone help me?
Marcel

--
Marcel
------------------------------------------------------------------------
Posted via http://www.webservertalk.com
------------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message330248.html
 

---

• Next message: Wilykiote(work): "Re: Stupid Cisco 506"
• Previous message: Dave Kendall: "Re: Best Free Firewall??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: calling functions at the same time ... >plan to timestamp the pings) to test and measure network conditions over ... >different routes to different hosts. ... Putting all the ping hosts in a list ... >> have in mind. ... (comp.lang.python) Re: W2K3 servers cant ping each other ... W2K3 servers enterprise ed. on my network ... > are able to ping all internet hosts and the other hosts ... > on my own network, and everyone can ping the W2K3 servers... ... (microsoft.public.windows.server.networking) Re: Problem with local network ... Pinging itself shows internally to the same PC that its network is ... (It probably doesn't really ping the hardware - some will, ... And no other conflicting "hosts: ... then the machine should first check the hosts file for some ... (Fedora) Re: Problem with local network ... >Pinging itself shows internally to the same PC that its network is ... (It probably doesn't really ping the hardware - some will, ... then the machine should first check the hosts file for some ... [root@bilbo audit]# ping -c4 localhost.localdomain ... (Fedora) Re: Detect network connection ... This allows you to ping between two hosts ... without actually logging into one of them an performing the ping test... ... >> I need to be able to detect wether a computer has an active network ... and basically when there isn't a network connection there is an ... (microsoft.public.scripting.vbscript)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.firewalls  > 2004-07