[c-nsp] PIX questions

Scott McGrath mcgrath at fas.harvard.edu
Fri May 9 09:02:01 EDT 2008


You do realize that ICMP handling needs to be enabled on the PIX 
independently of the ACL?

Rudy Setiawan wrote:
> Hi all,
>
> I have a question about PIX translation
>
> An outside interface has IP address:
> 192.168.1.2 255.255.255.0
>
> A DMZ interface has IP address:
> 10.1.1.2 255.255.255.0
>
>
> Current translation:
> 10.1.1.3 -> 192.168.1.3
> 10.1.1.4 -> 192.168.1.4
>
>
> How can I make it so that 10.1.1.3 is able to ping the IP "192.168.1.4"?
> How can I make it so that anyone behind 10.1.1.0/24 network is able to
> ping the IP "192.168.1.4"?
>
> Consider the ICMP is allowed any any.
>
> I tried to configure it but the ASDM log says
> "Deny IP Spoof From 192.168.1.2 to 192.168.1.4 on interface outside"
>
> Thank you for your help in advance.
>
> Regards,
> Rudy