Trouble connecting Cisco PIX FIrewall to Airport

I've tried to config the default host (DMZ) and I'm unable to establish a connection???

Jason, Welcome to the discussion area!
I've tried to config the default host (DMZ) and I'm unable to establish a connection???
What are you trying to configure? The Cisco device or the AirPort Extreme base station (AEBS)?

Similar Messages

  • Oracle 8i through CISCO PIX Firewall

    HI all,
    I Need some help here with CISCO PIX Firewall 506e series. The ORACLE Server 8i on Windows NT.4, placed at the inside interface of PIX Firewall.
    The Firewall has been configured to allow all the port to come from outside interface (this is where the Oracle client reside). When the client from outside try the oracle client application (where the login promt for username and password) when pressed enter the error msg
    =============================
    oracle error con 440
    unable to make connection oracle - 12514 tns.couldn't resolve service name
    the menu was not connectable with oracle. a menu is ended
    ==============================
    Many thanks for PIX and Oracle config.
    HATO

    Varun,
    Thank you for your help.
    I have one quick question, this pix is not in failover, it is standalone but it has Unrestricted license. It only has 64Mb of Ram. Will I have any problems based on your link recommendation?
    Memory Requirements:
    If you are using a PIX 515/515E running PIX Version 6.2/6.3, you must increase your memory before upgrading to PIX Version 8.0(2). This version requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses
    What is the difference between the restricted Licenses and the Unrestricted Licenses?
    Thanks!

  • I am having trouble connecting to wifi network via airport express on my windows xp pc, but I know it is working because I can connect on my macbook, does anyone know what the problem is?

    I am having trouble connecting to wifi network via airport express on my windows xp pc, but I know it is working because I can connect on my macbook, does anyone know what the problem is?

    Tell us more about the problem, I can think up 100&1 different reasons, but don't have time to go through all the possibilities. So.. what happens?

  • I am behind a Cisco PIX Firewall. What addresses and ports do I need to permit through to allow Firefox updates?

    I want to be able to upgrade my Firefox installations that are located behind a Cisco PIX Firewall. What are the TCP/IP addresses and ports required to be opened for updating to occur?

    This is less likely to be a firefox problem, as it appears something bad has happened to your network. Can you access the internet with other programs? Try email/ IRC/ Skype or even updating your computer.
    What operating system are you using?
    Ian.

  • Trouble connecting Windows 2000 PC to Airport Extreme

    I'm having trouble connecting a PC running Windows 2000 to my Airport Extreme Base Station. The PC is using a D-Link wireless USB 2.0 adapter (802.11g) to connect to the internet. The PC would connect without problem when I was using a D-Link wireless router but will not connect with the new Apple base station.
    In addition to the Windows 2000 PC I have a Windows XP PC (connected via ethernet), an iBook G4 and an Epson printer connected to the Airport Extreme and they all work without a problem.
    Can anyone tell me how to solve my problem with the Windows 2000 machine?
    Thanks.

    I am having the same issue; since you did not seem to receive any replies on this forum, am wondering if you resolved the problem; am also wondering if my issue is the distance from my Airport Extreme base to the Windows PC. My next step is going to be to try moving the Apple router closer to the Windows PC and see if that Linksys wireless picks up the signal.

  • Cisco 871W eZVPN is unable to connect Cisco PIX vpn server

    crypto ipsec client ezvpn TEST
    connect auto
    group Cisco key cisco123
    mode client
    peer 172.1.1.1
    xauth userid mode interfactive
    interface FastEthernet4
    ip address 10.1.1.1 255.255.255.0
    ip access-group 101 in
    ip nat outside
    crypto ipsec client ezvpn TEST
    Internet Vlan1
    ip address 192.168.1.1 255.255.255.0
    ip access-group 100 out
    ip nat inside
    crypto ipsec client ezvpn TEST inside
    ip route 0.0.0.0. 0.0.0.0 192.168.1.254
    ip nat inside source route-map EzVPN1 interface FastEthernet4 overload
    access-list 100 permit ip any any
    access-list 101 permit ip any any
    access-list 103 permit ip 192.168.1.0 0.0.0.255 any
    route-map EzVPN1 permit 1
    match ip address 103
    These are the following commands I applied in my Router, It is able to connect but unable to access any other servers. The same user name & password I tried with the VPN dialer it works on my Laptop. Anything I am missing on the router configuration. The VPN server is Cisco PIX 515E.
    Cisco IOS on 871W is 12.3(8)Y12

    1) Isn't your default route supposed to be pointing towards the external interface?
    ip route 0.0.0.0. 0.0.0.0 192.168.1.254 ?
    2) Can you change the 'mode client' to 'mode network-extension'. Also the PIX will need 'nem enable'.
    Have a look at the following (I'm assuming you already have as your config seems to be similar):
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml
    For old 6.x code on PIX, have a look at:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml
    Regards
    Farrukh

  • Trouble Connecting to Public Wifi in airports

    Hello,
    I've been having trouble connecting my Macbook Air to public wifi in several airports (Denver, San Diego most recently). I select the SSID and get the signal just fine. When I launch Safari or Firefox, I see a redirect to an authentication page - but it never comes up - it just hangs.
    Using my iPhone and Safari, I can connect just fine. When the iPhone browser gets to the redirect screen, it comes up with a dialog box asking to accept a security certificate.
    On the Macbook, I never get asked about a certificate. I can't find any settings that change this behavior. I am not blocking pop up windows blocked and I am accepting cookies.
    Any ideas on how to resolve this? I see lot's of other Macbooks in the airport browsing away so I know I must be doing something wrong.
    Thanks in advance for any suggestions.

    Hi,
    Have you tried "Renew DHCP Lease" under TCP/IP?
    Best of luck.
    Cheers

  • Trouble connecting Windows 7 PC to Airport Extreme

    I cannot get my work pc to connect wirelessly to the Airport Extreme.  PC connects fine via ethernet.  All other devices in the house are Apple and work fine.
    Thanks

    Since you have other wireless devices connecting successfully, I will assume that your windows pc can 'see' the network ssid, and you are using the correct password.
    The only thing I can think of is you may have a wireless firewall enabled (either 3rd party or microsoft) that may be preventing you from connecting. try turning all you firewall protection off and see if that works. also, make sure your windows wireless connection properties are configured for dhcp, if that is how your network is set up.

  • PDM losing connection to PIX firewall

    I'm having this problem if I login to my PIX either a PIX 501 or 506E, the PDM will lose it connection with the PIX after so many minutes. If i go to apply a change or save a config, PDM will tell me it can't communicate with the PIX. I would then have to close my web browser and open a new connection.
    I'm running PIX OS 6.3(5) and PDM 3.0(4) with IE 6, Java 1.6.0 on Windows XP
    Is there anyway to prevent this from happening??

    Hi jghiller,
    Question: should I share the 7520 on al pcs or none at all?
    The printer should not be shared from one computer to another.  Each computer can directly access the printer.
    Question: If I disable my security software firewall, should the printer be found and installed on wireless network OK?
    The firewall can cause problems, but not like they used to.  With this being a current printer, most firewalls should work fine with the printer.
    Dropping from the network:
    There are multiple possibilities.
    1. Try turning off UPnP in the printer embedded web server.  Type the IP of the printer into a web browser to access the EWS.  On the network tab, selecting Networking on the left side and then UPnP.
    2. If your router supports double width data channels, try changing the router to use single width channel.  You will need to access the EWS of the router.  Most routers will say either default or double.  There might be a number listed instead.  Try setting the router to 20Mhz channel width.
    3. Also, setting a static IP for the printer could be a good idea.  That way the printer IP won't change and possibly get lost by the computers.  This setting also appears in the printer EWS.
    Try the HP Wireless Printing Center for tips:
    http://www8.hp.com/us/en/campaigns/wireless-printing-center/overview.html
    I was an HP employee.
    Please mark the post that solves your problem as "Accepted Solution"

  • Trouble connecting to wireless from installed Airport Extreme

    I just installed an Airport Extreme card into my dual 1.8mhz G5. I followed the steps on installing and everything seems to work. It is recognized in the network preferences as an Airport option. I have been unsucessful in connecting to the wireless connection. I do have a laptop G4 and I am able to connect without trouble. But I am not able to figure out why I can not configure the G5 to see the same wireless network. I have typed in the same wireless name as the laptop into "other" on the G5 but it does not recoginize it. Please advise.

    As I'm typing, I'm connected wirelessly. Don't ask me how it happened. I had installed Airport utility and it couldn't find the network. I opened up Network Connections through the control panel, immediately found the network, clicked on Change Settings of this Connection, clicked Configure, didn't change anything, then clicked on View Status of this Connection, and lo and behold, I'm suddenly connected. Tell me I'm not crazy!

  • Trouble connecting external hard drive to AirPort Extreme

    I now have my AirPort Extreme set up for my wireless network. But I have tried to connect my seagate 1TB powered external hard drive to the AirPort Extreme for file sharing via the USB port. But for some reason even though there's power to the hard drive it doesn't show up in airport utility or in my finder. Do you know how to fix this? It works perfectly fine and normal when I just plug the hard drive into one of my USB ports on my iMac. Can anyone help? Thanks

    Connect the hard drive directly to your Mac and launch Disk Utility. Select the drive and click on the Repair Drive button. Once this has finished try connecting the drive again and then launch AirPort Utility and see if the drive shows up.
    One thing I've noticed is that if the external drive has any directory errors it won't mount in AirPort.

  • Trouble connecting Cisco router with cable modem for Internet purposes

    So I am requesting help from the Cisco community on this issue as the cable company states there equipment is working fine.  At all my facilities I have a guest Internet service setup through a local Internet provide to provide Internet services to the residents and guests.  I have the cable modem usually a Motorola SBG6580 or a SMC 8014 (both provided by cable company) connected to my router on a FE or GE interface.  I am using static IPs and using the cable modem just as a modem (bridge mode).  Over the past several months these connections have just stopped working.  I have not made any drastic changes to my router configs; however, the cable company has updated the firmware on these modems.  I am wondering if that could affected how the modem and router talk.  I was told by the cable company that the modem sees the Cisco router but that the port is inactive.  My router shows the port is active and traffic passing.  Does anyone have any ideas that could point where the problem lies?  I will post a basic config to one that currently does not work.  I am using a VRF to route a certain group out, using NAT.  Please let me know if I need to post additional info.  Any help would be greatly appreciated.
    Cisco CISCO2911/K9
    Version 15.2(3)T1
    service timestamps debug datetime localtime
    service timestamps log datetime localtime show-timezone
    service password-encryption
    hostname 1204RTR01
    boot-start-marker
    boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
    boot system flash0:c2900-universalk9-mz.SPA.151-3.T.bin
    boot-end-marker
    card type t1 0 0
    logging buffered 64000
    aaa new-model
    aaa session-id common
    clock timezone cst -6 0
    clock summer-time CDT recurring
    no ipv6 cef
    no ip source-route
    ip vrf 5
     rd 5:1
    ip multicast-routing
    1
    ip dhcp pool Guest
     vrf 5
     network 10.51.XXX.0 255.255.255.0
     default-router 10.51.XXX.XXX
     dns-server 209.18.47.61 209.18.47.62
    ip flow-cache timeout active 1
    no ip bootp server
    no ip domain lookup
    ip cef
    multilink bundle-name authenticated
    application
     global
      service alternate default
    license udi pid CISCO2911/K9 sn FTX1508AHTM
    hw-module pvdm 0/0
    redundancy
    ip tcp synwait-time 10
    interface GigabitEthernet0/0.5
     description Guest VLAN
     encapsulation dot1Q 5
     ip vrf forwarding 5
     ip address 10.51.xx.xxx 255.255.255.0
     no ip redirects
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1452
    interface GigabitEthernet0/1
     no ip address
     duplex auto
     speed auto
    interface GigabitEthernet0/2
     description Guest Intenet access
     ip vrf forwarding 5
     ip address 24.242.182.182 255.255.255.252   <--Cable company IP, Modem IP is 24.242.182.181
     ip nat outside
     ip virtual-reassembly in
     load-interval 30
     duplex auto
     speed auto
    ip forward-protocol nd
    no ip http server
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 9 interface GigabitEthernet0/2 vrf 5 overload
    ip route vrf 5 0.0.0.0 0.0.0.0 24.242.182.181
    access-list 9 permit 10.51.204.0 0.0.0.255

    Ok, mysteriously this location just started working yesterday, but I still am dealing with seven others and I really would like to know what is going on.  I will give you everything you may need and let me know.
    Config:
    version 15.2
    no service pad
    service timestamps debug datetime localtime
    service timestamps log datetime localtime show-timezone
    service password-encryption
    hostname 1112RTR01
    boot-start-marker
    boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
    boot system flash0:c2900-universalk9-mz.SPA.151-1.T.bin
    boot-end-marker
    aaa new-model
    aaa session-id common
    clock timezone CDT -6 0
    clock summer-time CDT recurring
    network-clock-participate wic 0
    network-clock-select 1 T1 0/0/0
    no ipv6 cef
    no ip source-route
    ip vrf GuestVRF
     rd 5:1
    ip multicast-routing
    ip dhcp pool Guest
     vrf GuestVRF
     network 10.51.112.0 255.255.255.0
     default-router 10.51.112.1
     dns-server 209.18.47.61 209.18.47.62
    ip flow-cache timeout active 1
    no ip bootp server
    no ip domain lookup
    ip cef
    application
     global
      service alternate default
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0.5
     description Guest VLAN
     encapsulation dot1Q 5
     ip vrf forwarding GuestVRF
     ip address 10.51.112.1 255.255.255.0
     no ip redirects
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1452
    interface GigabitEthernet0/1
     description Guest Internet (Time Warner Connection)
     ip vrf forwarding GuestVRF
     ip address 97.77.116.234 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     load-interval 30
     duplex auto
     speed auto
    ip forward-protocol nd
    ip nat inside source list 5 interface GigabitEthernet0/1 vrf GuestVRF overload
    ip route vrf GuestVRF 0.0.0.0 0.0.0.0 97.77.116.233
    access-list 5 permit 10.51.112.0 0.0.0.255
    control-plane
    end
    router#sh ip arp vrf GuestVRF
    router#Internet  97.77.116.233           2   f80b.bee7.e09f  ARPA   GigabitEthernet0/1
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  97.77.116.234           -   8843.e13c.8d99  ARPA   GigabitEthernet0/1
    router#ping vrf GuestVRF 97.77.116.233
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 97.77.116.233, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    router#sh int g0/1
    GigabitEthernet0/1 is up, line protocol is up
      Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
      Description: Guest Internet (Time Warner Connection)
      Internet address is 97.77.116.234/30
      MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full Duplex, 1Gbps, media type is RJ45
      output flow-control is XON, input flow-control is XON
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters 00:00:10
      Input queue: 76/75/15/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      30 second input rate 3000 bits/sec, 7 packets/sec
      30 second output rate 0 bits/sec, 0 packets/sec
         81 packets input, 4860 bytes, 0 no buffer
         Received 81 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 12 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 0 multicast, 0 pause input
         16 packets output, 1193 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 pause output
         0 output buffer failures, 0 output buffers swapped out
    router#sh int g0/1
    GigabitEthernet0/1 is up, line protocol is up
      Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
      Description: Guest Internet (Time Warner Connection)
      Internet address is 97.77.116.234/30
      MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full Duplex, 1Gbps, media type is RJ45
      output flow-control is XON, input flow-control is XON
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters 00:00:42
      Input queue: 76/75/67/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      30 second input rate 3000 bits/sec, 7 packets/sec
      30 second output rate 1000 bits/sec, 2 packets/sec
         408 packets input, 24480 bytes, 0 no buffer
         Received 408 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 61 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 0 multicast, 0 pause input
         72 packets output, 5669 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 pause output
         0 output buffer failures, 0 output buffers swapped out
    I am receiving packets in and out of the interface but I cannot ping the modem through the VRF.
    router#sh ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    udp 97.77.116.234:3169 10.51.112.39:3169  209.18.47.62:53    209.18.47.62:53
    udp 97.77.116.234:8534 10.51.112.39:8534  209.18.47.61:53    209.18.47.61:53
    udp 97.77.116.234:12244 10.51.112.39:12244 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:14002 10.51.112.39:14002 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:23623 10.51.112.39:23623 209.18.47.62:53   209.18.47.62:53
    udp 97.77.116.234:24489 10.51.112.39:24489 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:24550 10.51.112.39:24550 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:27458 10.51.112.39:27458 209.18.47.62:53   209.18.47.62:53
    udp 97.77.116.234:28603 10.51.112.39:28603 209.18.47.62:53   209.18.47.62:53
    udp 97.77.116.234:37404 10.51.112.39:37404 209.18.47.62:53   209.18.47.62:53
    udp 97.77.116.234:53942 10.51.112.39:53942 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:58125 10.51.112.39:58125 209.18.47.62:53   209.18.47.62:53
    udp 97.77.116.234:64797 10.51.112.39:64797 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.62:53   209.18.47.62:53
    udp 97.77.116.234:62342 10.51.112.52:62342 209.18.47.62:53   209.18.47.62:53
    tcp 97.77.116.234:36559 10.51.112.69:36559 199.167.177.46:1227 199.167.177.46:1227
    tcp 97.77.116.234:48895 10.51.112.69:48895 54.195.253.126:5223 54.195.253.126:5223
    tcp 97.77.116.234:58385 10.51.112.69:58385 54.195.243.137:5223 54.195.243.137:5223
    Pro Inside global      Inside local       Outside local      Outside global
    tcp 97.77.116.234:58658 10.51.112.71:58658 31.13.66.165:443  31.13.66.165:443
    udp 97.77.116.234:3066 10.51.112.72:3066  209.18.47.62:53    209.18.47.62:53
    udp 97.77.116.234:3884 10.51.112.72:3884  209.18.47.61:53    209.18.47.61:53
    udp 97.77.116.234:6656 10.51.112.72:6656  209.18.47.61:53    209.18.47.61:53
    udp 97.77.116.234:11194 10.51.112.72:11194 209.18.47.61:53   209.18.47.61:53
    udp 97.77.116.234:11774 10.51.112.72:11774 209.18.47.62:53   209.18.47.62:53
    Let me know if you need anything else.  I need to figure this out and I just don't get it because the other site wasn't working a few days ago and all of a sudden it is working again but others are still not.

  • SIP connection Through PIX

    Hi ,
    i have a CISCO PIX Firewall running version Version 7.2(4)......
    i want to know how many connection of SIP can be handled by PIX firewall. what is the default limit.
    Actually we have a two setup of sip , one with Juniper firewall and one with pix different location. earlier i was facing issue with juniper that the Dialer not able to send call to user,
    during troubleshooting i found that in Juniper there is ALG which have sip enabled with 64 maximum limit.. so i diabled and all calls working fine.
    Now the question is voice vendor telling me the the same issue facing by user behind PIX Firewall.

    Hi ,
    i have a CISCO PIX Firewall running version Version 7.2(4)......
    i want to know how many connection of SIP can be handled by PIX firewall. what is the default limit.
    Actually we have a two setup of sip , one with Juniper firewall and one with pix different location. earlier i was facing issue with juniper that the Dialer not able to send call to user,
    during troubleshooting i found that in Juniper there is ALG which have sip enabled with 64 maximum limit.. so i diabled and all calls working fine.
    Now the question is voice vendor telling me the the same issue facing by user behind PIX Firewall.

  • Cisco Pix Syslog - details of traffic flow

    Hi
    We are logging to a syslog server on level informational. I see a byte count logged with each connection and I'm trying to understand what it means.
    Is it the sum of in+out traffic for the connection? Or is it only one direction? Is there a way to determine bytes counts for both directions (like netflow)?
    We are using version 6.3, but are in a position to upgrade if that will help meet our above requirements.
    Thanks

    Go through this Cisco PIX Firewall System Log Messages, Version 6.3. It will clear your doubts.
    http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/63syslog.html

  • Pix firewall issue

    Hello,
    I'm trying to configure some firewall rules and a nat in our pix 525 and I'm having some issue with the connection
    Here are the details:
    172.40.40.40 destination host.
    1.- I configured an ACL
    ACL test 172.80.0.0 255.255.0.0 destination 172.40.40.40
    ACL test 172.90.0.0 255.255.255.0 destination 172.40.40.40
    inside interface IP 172.20.20.20
    outside inteface IP 192.169.1.2
    interfaces inside outside (ping and icmp are allow)
    static (outside, inside) 172.40.40.40 172.40.40.40
    nat (outside)  5 access-list test
    global (inside) 5 interface
    route inside 172.40.40.40 255.255.255.255 172.30.30.30
    route outside 172.80.0.0 255.255.0.0 192.168.1.1
    route outside 172.90.0.0 255.255.0.0 192.168.1.1
    I'm trying to nat the traffic comming from the outside interface because we want to avoid interal ip conflicts, I'm seeing the hits on the ACL
    but can not telnet from 172.80.0.1 to 172.40.40.40 , there are routes and porta enable for that connection
    and my flag logs shown me SaAB from the destination host, what could be the problem?
    We can ping between the destination host and the pix inside interface and the icmp is allow in all the interfaces.

    Hello Thank you for your help, we will try to apply that command in our test .
    About our test the incoming connection from 172.90.0.0 are telnet session to 172.40.40.40
    So we are doing a PAT for those connection (172.90.0.0 PAT to 172.30.30.29) my question is that kind of scheme and configuration is supported on Pix Firewall?
    Here is the version: PIX 525
    Cisco PIX Firewall Version 6.3(5)
    This is the path
                                     MPLS                                    PIX                                              Destination HOST
    subnet 172.90.0.0/16 ---- ------------------------- ACL TEST -PAT(172.30.30.29 inside inteface) --------  172.40.40.40 port 25

Maybe you are looking for