[Openswan Users] ok pix solved but...how to ping??
lean
piccololean at yahoo.it
Sat Oct 8 19:14:33 CEST 2005
Thanks a lot, but the problem is still here.
The machine on subnet behind the openswan can't ping the machines
behind the pix.
The pix itself is reached of course but not the machines behind it.
I hope you can help me
Agent Smith wrote:
> try this on pix side, pix requires that you
> specifically allow return ICMPs back in.
>
> icmp permit any unreachable outside
> icmp permit any echo-reply outside
> icmp permit host a.b.c.d outside
> icmp deny any outside
>
> in this example, a.b.c.d is the only host allowed to
> ping pix while all hosts internal to pix can ping
> out.
>
> hope that helps.
>
> --- lean <piccololean at yahoo.it> wrote:
>
>
>> >I restarted the pix too but the problem is the
>>same...
>>
>> >Agent Smith wrote:
>> >add this to pix
>> >isakmp identity address
>> >then restart the tunnel
>>
>>I solved with:
>>isakmp identity address on the pix and
>>rightid=pix_private_ip_before_nat
>>Now again the SA is done but:
>>1) no ipsec0 device found
>>2) no ping to subnet
>>Can you help me? Thanks