Network Security Firewalls

RE: PIX 525 No NATconfiguration

Subject: RE: PIX 525 No NATconfiguration
Date: Wed, 19 Oct 2005 14:12:37 -0700
  Don't you want an ACL to allow icmp any to any....

  _____  

From: Ercan Elibol [mailto:ercanelibol@gmail.com] 
Sent: Monday, October 17, 2005 3:50 PM
To: firewalls@securityfocus.com
Subject: PIX 525 No NATconfiguration


Hi,
I have a 525 PIX firewall running IOS 7.0. I cannot ping through the
firewall. Inside interface is connected to a PC, I can ping it from
firewall. Outside interface is connected to a Cisco 3845 router, and I can
ping it from firewall. But for some reason I cannot ping Cisco 3845 from
PC. And I am not trying to do a NAT configuration. What am I missing here?
Here is my config, any help appreciated very much. Thanks



PIX Version 7.0(1) 
names 
! 
interface Ethernet0 
duplex full 
nameif OUTSIDE 
security-level 0 
ip address 10.168.253.253 255.255.255.252 
! 
interface GigabitEthernet0 
nameif INSIDE 
security-level 100 
ip address 10.168.2.2 255.255.255.0 
! 
enable password 
passwd 
hostname pixfirewall 
domain-name default.domain.invalid 
ftp mode passive 
access-list INSIDE_IN extended permit ip any any 
access-list INSIDE_IN extended permit tcp any any 
access-list OUTSIDE_IN extended permit ip any any 
access-list OUTSIDE_IN extended permit tcp any any 
pager lines 24 
logging enable 
logging buffered informational 
mtu OUTSIDE 1500 
mtu INSIDE 1500 
no failover 
monitor-interface OUTSIDE 
monitor-interface INSIDE 
asdm image flash:/asdm-501.bin 
no asdm history enable 
arp timeout 14400 
nat (INSIDE) 0 10.168.2.0 255.255.255.0 
access-group OUTSIDE_IN in interface OUTSIDE 
access-group INSIDE_IN in interface INSIDE 
route OUTSIDE 0.0.0.0 0.0.0.0 10.168.253.254 1 
timeout xlate 3:00:00 
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00 
timeout uauth 0:05:00 absolute 
http server enable 
http 10.168.2.0 255.255.255.0 INSIDE 
no snmp-server location 
no snmp-server contact 
snmp-server enable traps snmp 
telnet 10.168.2.0 255.255.255.0 INSIDE 
telnet timeout 5 
ssh timeout 5 
console timeout 0 
! 
class-map inspection_default 
match default-inspection-traffic 
! 
! 
policy-map global_policy 
class inspection_default 
inspect dns maximum-length 512 
inspect ftp 
inspect h323 h225 
inspect h323 ras 
inspect rsh 
inspect rtsp 
inspect esmtp 
inspect sqlnet 
inspect skinny 
inspect sunrpc 
inspect xdmcp 
inspect sip 
inspect netbios 
inspect tftp 
! 
service-policy global_policy global 
: end
 
 
here is the log info:
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02 
%PIX-6-609001: Built local-host OUTSIDE:10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
%PIX-6-609001: Built local-host OUTSIDE: 10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
%PIX-6-609001: Built local-host OUTSIDE: 10.168.253.254
%PIX-6-302020: Built ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-302021: Teardown ICMP connection for faddr 10.168.253.254/0 gaddr
10.168.2.10/512 laddr 10.168.2.10/512
%PIX-6-609002: Teardown local-host OUTSIDE:10.168.253.254 duration 0:00:02
 
 