Re: cisco pix 515 outside ping to internal hosts
- From: google@xxxxxxxxxxxxxxxxx
- Date: 15 Sep 2005 10:21:29 -0700
Hi,
Thanks for the reply.
I tried both; they do not work. I noticed that I have 1 real IP address
port forwarded to many internal IPs. I do not think this will work, but
I could be wrong. So when I ping x.x.x.112, how does the PIX determine
which internal hosts I am pinging?
> static (inside,outside) tcp x.x.x.112 1001 192.168.100.48 8080 netmask
> > 255.255.255.255 0 0
> > static (inside,outside) tcp x.x.x.112 1002 192.168.100.49 8080 netmask
> > 255.255.255.255 0 0
> > static (inside,outside) tcp x.x.x.112 www 192.168.100.50 www netmask
> > 255.255.255.255 0 0
> > static (inside,outside) tcp x.x.x.112 25 192.168.100.50 25 netmask
Darren Green wrote:
> <google@xxxxxxxxxxxxxxxxx> wrote in message
> news:1126758332.731925.156160@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > Hi,
> >
> > Can this be done? I have a Cisco PIX 515E and would like to ping internal
> > hosts for monitoring purposes.
> > I have no trouble pinging the outside real IP. I just don't know how to
> > accomplish pinging the inside IP. I would like to ping my mail server
> > inside for monitoring purposes. I would like to restrict ping from a
> > certain host. The mail server inside is 192.168.100.50.
> > Inside hosts have no problems pinging outside.
> >
> > Any help will be appreciated!
> >
> >
> > ip address outside x.x.x.111 255.255.255.240
> > ip address inside 192.168.100.1 255.255.255.0
> >
> > access-list 100 permit icmp any any echo-reply
> > access-list 100 permit icmp any any time-exceeded
> > access-list 100 permit icmp any any
> > access-list 100 permit tcp any host x.x.x.112 eq www
> > access-list 100 permit tcp any host x.x.x.112 eq 25
> > access-list 100 permit tcp any host x.x.x.112 eq 1001
> > access-list 100 permit tcp any host x.x.x.112 eq 1002
> > access-group 100 in interface outside
> >
> >
> > static (inside,outside) tcp x.x.x.112 1001 192.168.100.48 8080 netmask
> > 255.255.255.255 0 0
> > static (inside,outside) tcp x.x.x.112 1002 192.168.100.49 8080 netmask
> > 255.255.255.255 0 0
> > static (inside,outside) tcp x.x.x.112 www 192.168.100.50 www netmask
> > 255.255.255.255 0 0
> > static (inside,outside) tcp x.x.x.112 25 192.168.100.50 25 netmask
> > 255.255.255.255 0 0
> >
>
> Hi,
>
> I believe that you would need an access-list permitting ICMP traffic to
> your global address.
>
> e.g.:
>
> static (inside,outside) mapped_ip_address real_ip_address netmask
> 255.255.255.255
> access-list 100 permit icmp any host mapped_ip_address echo (echo-reply,
> etc)
> access-group 100 in interface outside
>
> I pulled the above from the following link:
>
> http://www.cisco.com/warp/public/110/31.html
>
> Regards
>
> Darren
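
The following is an added example, not part of the thread and not Cisco code: a simplified Python model of how static translation entries are matched, run over the four port-redirection statics quoted above. It shows that those entries match only their listed TCP ports, so an ICMP echo to x.x.x.112 has no inside host to go to, while a one-to-one static of the form in Darren's reply matches any protocol. The address x.x.x.113 is a hypothetical spare outside address, and the model covers only translation lookup, not the access-list check.

```python
# Simplified model of PIX static translation lookup (illustrative only).
PORT_NAMES = {"www": 80, "smtp": 25}  # port keywords used in the config

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def parse_statics(config):
    """Parse 'static (inside,outside) ...' lines into rule dicts."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "static":
            continue
        if t[2] in ("tcp", "udp"):
            # Port redirection: static (in,out) tcp mapped mport real rport
            rules.append({"proto": t[2], "mapped": t[3], "mport": port(t[4]),
                          "real": t[5], "rport": port(t[6])})
        else:
            # One-to-one: static (in,out) mapped real netmask ...
            rules.append({"proto": "ip", "mapped": t[2], "mport": None,
                          "real": t[3], "rport": None})
    return rules

def resolve(rules, proto, dst, dport=None):
    """Return the inside (host, port) for a packet to dst, or None."""
    for r in rules:
        if r["mapped"] != dst:
            continue
        if r["proto"] == "ip":            # matches every protocol, ICMP too
            return (r["real"], dport)
        if r["proto"] == proto and r["mport"] == dport:
            return (r["real"], r["rport"])
    return None                           # no translation: nothing to forward to

# The statics from the thread, unwrapped onto single lines.
THREAD_STATICS = """\
static (inside,outside) tcp x.x.x.112 1001 192.168.100.48 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 1002 192.168.100.49 8080 netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 www 192.168.100.50 www netmask 255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 25 192.168.100.50 25 netmask 255.255.255.255 0 0
"""
# Constructed: one-to-one static on a hypothetical spare address x.x.x.113.
ONE_TO_ONE = "static (inside,outside) x.x.x.113 192.168.100.50 netmask 255.255.255.255"

if __name__ == "__main__":
    pat = parse_statics(THREAD_STATICS)
    print("tcp/1001 ->", resolve(pat, "tcp", "x.x.x.112", 1001))
    print("icmp     ->", resolve(pat, "icmp", "x.x.x.112"))
    print("icmp 1:1 ->", resolve(parse_statics(ONE_TO_ONE), "icmp", "x.x.x.113"))
```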