- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-20-2011 08:17 AM
I am having some fundamental problems configuring OSPF. Here's the simple configuration:
PA interface IP: x.y.200.94/29
Cisco interface IP: x.y.200.85/29
First problem...
From the PA CLI I can ping the remote Cisco router just fine:
admin@fs> ping source x.y.200.94 host x.y.200.89
PING x.y.200.89 (x.y.200.89) from x.y.200.94 : 56(84) bytes of data.
64 bytes from x.y.200.89: icmp_seq=1 ttl=255 time=9.92 ms
64 bytes from x.y.200.89: icmp_seq=2 ttl=255 time=1.50 ms
And yet from the Cisco router, there is no response. I do not believe I have any policies in place which block ICMP echo packets.
Any ideas?
05-20-2011 09:14 AM
You need to create an Interface Mgmt profile that allows Ping with a permitted IP Addresses of the source. I used 0.0.0.0/0 to open it up for everything. You then need to assign the profile to the Interface you want to ping.
05-20-2011 09:14 AM
You need to create an Interface Mgmt profile that allows Ping with a permitted IP Addresses of the source. I used 0.0.0.0/0 to open it up for everything. You then need to assign the profile to the Interface you want to ping.
05-25-2011 12:38 PM
Many thanks! Exactly what the doctor ordered.
So are these management profiles applied after the packet filtering policies? And I am assuming the default is "block" icmp, telnet, ssh, http and https.
Russell
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!