• Status: Solved
  • Priority: Medium
  • Security: Public

Ping from Host to PIX


I am not able to ping from host to outside of PIX. HELP, urgent!!!!


PIX Version 7.1(1)
hostname fwpix-mark01
domain-name default.domain.invalid
enable password .vQuvlGbz1nJZcdO encrypted
interface Ethernet0
 nameif outside
 security-level 0
 ip address
interface Ethernet1
 nameif inside
 security-level 100
 ip address
interface Ethernet2
 nameif pixpix
 security-level 50
 ip address
passwd RTYHGBNJK encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outacl extended permit icmp any any echo-reply
access-list outacl extended permit tcp host 255.255.2
access-list inacl extended permit icmp any any echo-reply
access-list inacl extended permit ip host 219.91.178
access-list acl_nonat extended permit ip 219.47.190.
access-list outside_cryptomap_30 extended permit ip
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu pixpix 1500
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list acl_nonat
nat (inside) 1
access-group outacl in interface outside
access-group inacl in interface inside
route outside 1
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http inside
snmp-server host outside community ZS5544fwmark
snmp-server location PIX Markham
snmp-server contact C-IT6 0172 8979428
snmp-server community ZS5544fwmark
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set markham esp-3des esp-md5-hmac
crypto ipsec transform-set tripple-des esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map gddrp 30 match address outside_cryptomap_30
crypto map gddrp 30 set peer
crypto map gddrp 30 set transform-set ESP-3DES-SHA
crypto map gddrp interface outside
isakmp identity address
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *
telnet inside
telnet timeout 5
sh outside
ssh outside
ssh outside
ssh inside
ssh timeout 10
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
tftp-server outside /
: end

1 Solution

no nat (inside) 1
nat (inside) 1
This is permitted by default, and you have not configured anything to block it, so best bet is to start troubleshooting on Layer 2. Check ARP tables on the host if you can find the PIX MAC address. Check the switch VLAN configuration and CAM tables.
Oh and why is there a designated route to It's on the same network as your outside interface, so it doesn't need to get routed.

route outside 1

It should be safe to delete this route:

no route outside 1

Does pinging the gateway from the Pix work?

ping outside

Does pinging the "host" you're talking about work?

ping outside
Good to see that it works now for you.
Just for the record: What was the problem? Was it the route or was it the NAT entry?
Question has a verified solution.
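
The answer's point about the unneeded route, as an added example that is not part of the original thread: a Python check that reads PIX 7.x `ip address` and `route` lines and flags static routes whose destination is already directly connected on the named interface. It goes one step beyond the answer by also flagging a gateway that is not on that interface's subnet. The sample configuration, its addresses, and the function names `parse` and `audit_routes` are constructed for illustration.

```python
import ipaddress

# Constructed sample in PIX 7.x syntax. Addresses are made up (documentation
# and private ranges); the poster's real addresses are not on the page.
SAMPLE_CONFIG = """\
interface Ethernet0
 nameif outside
 ip address 192.0.2.2 255.255.255.0
interface Ethernet1
 nameif inside
 ip address 10.10.10.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
route outside 192.0.2.50 255.255.255.255 192.0.2.1 1
route outside 198.51.100.0 255.255.255.0 192.0.2.1 1
route inside 10.20.0.0 255.255.0.0 10.99.0.1 1
"""

def parse(config):
    """Return ({nameif: connected network}, [(nameif, destination, gateway)])."""
    connected, routes, nameif = {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "interface":
            nameif = None  # entering a new interface block
        elif tok[0] == "nameif" and len(tok) == 2:
            nameif = tok[1]
        elif tok[:2] == ["ip", "address"] and len(tok) >= 4 and nameif:
            connected[nameif] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[0] == "route" and len(tok) >= 5:
            # route <nameif> <destination> <mask> <gateway> [metric]
            dest = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            routes.append((tok[1], dest, ipaddress.ip_address(tok[4])))
    return connected, routes

def audit_routes(config):
    """Flag static routes that are redundant or point at an off-subnet gateway."""
    connected, routes = parse(config)
    findings = []
    for nameif, dest, gw in routes:
        net = connected.get(nameif)
        if net is None:
            findings.append((str(dest), f"no ip address known for {nameif}"))
        elif dest.subnet_of(net):
            findings.append((str(dest), f"already directly connected on {nameif}"))
        elif gw not in net:
            findings.append((str(dest), f"gateway {gw} not on {nameif} subnet"))
    return findings
```

Lines whose addresses are missing, like those in the configuration as posted, are skipped rather than guessed.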
