Re: [cisco-ttl] PIX firewall internal interface'i pingleme problemi

From: Serhat Uslay <serhat.uslay_at_....>
Date: Wed Jun 08 2005 - 02:27:32 EEST

"Conduit" komutu PIX v7 da kaldirildi. Access List'e cevirmen lazim. PIX genel olarak bir bacaktan obur bacagini ping'lemeye izin vermez. Bu sanirim 6.3.3 de " management-access" komutu ile degistirildi.. Senin "management-access outside" yazman gerekiyor (access-list yada conduit'e ilave olarak !)..

'


          Serhat Uslay
          Data Networks Team Leader
          Zurich Financial Services  
          Tel; (02) 9995 4945  Cell: 0401 105 485 
          Email; serhat.uslay@zurich.com.au 
==================================



cenk tasdan <cenktasdan@yahoo.com>
Sent by: cisco-ttl@yahoogroups.com
07/06/2005 11:32 PM
Please respond to
cisco-ttl@yahoogroups.com

To
cisco-ttl@yahoogroups.com
cc

Subject
[cisco-ttl] PIX firewall internal interface'i pingleme problemi

Merhabalar,

PIX firewall'da outside'dan gelip ic bacagini pinglemek mumkun mu? Eger mumkun ise konfigurasyonu nasil oluyor bir fikri olan var mi?

icmp permit komutu ile internal interface'ini ping'e actim. Hadi bu yetmedi icmp any any hem ic hem de dis bacagina verdim. Ama yine de pingleyemedim. Debug Icmp ettigimde ise Echo-Req. geldigini gordum ama firewall'dan reply'lar cikmiyordu. Son olarak herhalde pinglenemiyor. Cisco buna izin vermiyor diye dusundum.

Bir fikri olan cozum onerisi olan var mi?

PS1:
NAT yapilmiyor.

PS2:
2 taraf arasinda PIX'lerin onunde duran Routerlar arasinda VPN yapiliyor, ve PIX arkasindaki networkler birbirini sorunsuz pingliyor.

Tesekkurler.  



Discover Yahoo!
Use Yahoo! to plan a weekend, have fun online and more. Check it out! http://discover.yahoo.com/
--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya 
da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu 
tutulamazlar. 
Yahoo! Groups Links



 







----
This email is intended for the named recipient only. It may contain information which is confidential, commercially sensitive, or copyright. If you are not the intended recipient you must not reproduce or distribute any part of the email, disclose its contents, or take any action in reliance. If you have received this email in error, please contact the sender and delete the message. It is your responsibility to scan this email and any attachments for viruses and other defects.
To the extent permitted by law, Zurich and its associates will not be liable for any loss or damage arising in any way from this communication including any file attachments. We may monitor email you send to us, either as a reply to this email or any email you send to us, to confirm our systems are protected and for compliance with company policies. Although we take reasonable precautions to protect the confidentiality of our email systems, we do not warrant the confidentiality or security of email or attachments we receive.

[Non-text portions of this message have been removed]



--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 
Yahoo! Groups Links


<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/cisco-ttl/
<*> To unsubscribe from this group, send an email to:
cisco-ttl-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Received on Wed Jun 8 02:27:47 2005

This archive was generated by hypermail 2.1.8 : Wed Jun 08 2005 - 02:27:47 EEST