Solved

How can I enable access the Cisco PIX outside NAT interface?

Posted on 2006-11-02
8
200 Views
Last Modified: 2013-11-16
I setup one to one NAT from Cisco PIX, but I can't access or PING the ouside IP from internal network. Any Solution?
0
Comment
Question by:kennycpu
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 17856823
outside ping is disabled by default

to turn it on toy need to add the following line to the config

icmp permit any echo outside

The ONLY way to manage a PIX from outside is via a VPN!! you need to enable a VPN to the firewall.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17857222
>I can't access or PING the ouside IP from internal network
Correct. This is by design of the pix.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17868461
What exactly are you trying to access with this ? Provide more information. Also mention if this nat you have created is resolved using external dns server.

Cheers,
Rajesh
0
 

Author Comment

by:kennycpu
ID: 17882654
Of course I can ping outside IP from outside. I mean I cannot access the ouside NAT IP from inside network.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:kennycpu
ID: 17882674
I am now using 2 DNS server, One for outside REAL IP setting. Another use for internal DNS server which set with internal LAN IP.
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 100 total points
ID: 17882701
If you have the dns server internally for this REAL ip, then there is nothing that can be done. It is per design as Lrmoore stated.

Cheers,
Rajesh
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17914989
Why shoot the messenger with a C grade (actually the 2nd messenger) just because you don't like the answer?

0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17915049
Don't expect anybody to answer your future questions if this is the way you judge them. First of all this has to be split and grade C just because it can't be done ? I don't own Cisco.

0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now