Hello,

Cisco PIX Security Appliance Software Version 7.0(1)3. We use NAT:
global (outside) 1 195.37.209.97
nat (inside) 1 10.1.0.0 255.255.0.0
Under V6.4 host with an address 10.1.x.x were able to ping and traceroute
to the outside world. After the upgrade to V7.0 this is no longer the case.
Is there any special command to reenable this functionality?

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html

ahhh.. We are having the same problem - any solutions ?

Best Regards
Rasmus


"Christoph Gartmann" <gartmann@non.immunbio.mpg.de.sens> wrote in message
news:d99bos$pd9$1@news.BelWue.DE...

Hi Christoph,

Binh Hoang of Cisco Systems stated,

"Have you tried enabling inspection for ICMP and see if that works?

See release notes for PIX 7.0 code below as regards to ICMP inspection.


Version 7.0(1) introduces an ICMP inspection engine. This engine
enables secure usage of ICMP, by providing stateful tracking for ICMP
connections, matching echo requests with replies. Additional controls
are available for ICMP error messages, which are only permitted for
established connections.

Use the inspect icmp and the inspect icmp error commands to configure
the ICMP inspection engine."

Command reference:

http://www.cisco.com/en/US/products/...0484fe1.ht ml

Thanks Binh, looks like it's fixed now. I indeed had to enable "inspect
icmp error" to get traceroute's working again.

----------------------------------------------

Hope this helps.

BradReese.Com Cisco Repair Worldwide
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.bradreese.com/cisco-big-iron-repair.htm