G
Guest
Guest
Archived from groups: comp.security.firewalls (More info?)
Hi,
can this be done. I have cisco pix 515e and would like to ping internal
hosts for monitoring purposes.
i have no trouble pinging the outside real IP. just don't know how to
accomplish pinging the inside IP. i would like to ping my mail server
inside for monitoring purposes. i would like to restrict ping from a
certain host. the mail server inside is 192.168.100.50
inside hosts have no problems pinging outside.
any help will be appreciated!
ip address outside x.x.x.111 255.255.255.240
ip address inside 192.168.100.1 255.255.255.0
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any
access-list 100 permit tcp any host x.x.x.112 eq www
access-list 100 permit tcp any host x.x.x.112 eq 25
access-list 100 permit tcp any host x.x.x.112 eq 1001
access-list 100 permit tcp any host x.x.x.112 eq 1002
access-group 100 in interface outside
static (inside,outside) tcp x.x.x.112 1001 192.168.100.48 8080 netmask
255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 1002 192.168.100.49 8080 netmask
255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 www 192.168.100.50 www netmask
255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 25 192.168.100.50 25 netmask
255.255.255.255 0 0
Hi,
can this be done. I have cisco pix 515e and would like to ping internal
hosts for monitoring purposes.
i have no trouble pinging the outside real IP. just don't know how to
accomplish pinging the inside IP. i would like to ping my mail server
inside for monitoring purposes. i would like to restrict ping from a
certain host. the mail server inside is 192.168.100.50
inside hosts have no problems pinging outside.
any help will be appreciated!
ip address outside x.x.x.111 255.255.255.240
ip address inside 192.168.100.1 255.255.255.0
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any
access-list 100 permit tcp any host x.x.x.112 eq www
access-list 100 permit tcp any host x.x.x.112 eq 25
access-list 100 permit tcp any host x.x.x.112 eq 1001
access-list 100 permit tcp any host x.x.x.112 eq 1002
access-group 100 in interface outside
static (inside,outside) tcp x.x.x.112 1001 192.168.100.48 8080 netmask
255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 1002 192.168.100.49 8080 netmask
255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 www 192.168.100.50 www netmask
255.255.255.255 0 0
static (inside,outside) tcp x.x.x.112 25 192.168.100.50 25 netmask
255.255.255.255 0 0