Shulou(Shulou.com)06/01 Report--

This problem has perplexed me for a long time and baffled several so-called CCIE masters. Today, I finally figured out a way to solve it and solved it.

Problem description:

1. Put the PIX in a fixed IP environment (the external network is a fixed IP), and set the correct ACL to allow ICMP to release. In this case, the internal network can access the Internet normally and ping the external network.

2. Then put the PIX in the ADSL environment (dialing with PIX). If the ACL remains the same as before, the intranet computers under PIX can only surf the Internet and cannot ping the external network.

Solution:

The cause of the problem is that PIX does not open the audit of ICMP, so you need to use the command fixup protocol icmp to audit and release ICMP.

Pix (config) # fixup protocol icmp / / you only need this command, and you don't need to release it with ACL.

However, why can ping directly connect to the external network in a fixed IP environment? There is no ICMP audit under the fixed IP environment! It seems that the security features of PIX deserve further study.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.