cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
993
Views
0
Helpful
2
Replies

cannot ping connected LANs

Hello

 

For some reason, I am not able to ping PCs in either side of LANs. I am able to ping routers and PCs from router, but not from PC to PC. My network is very simple with two sites in different cities, connected with L3 MPLS. The Cisco Routers are 2911

 

Site A: 172.17.1.0/24 (Router IP = 172.17.1.1)

Site B: 172.17.2.0/24 (Router IP = 172.17.2.1)

Ping from Router (172.17.2.1) to 172.17.1.51 is fine

Ping from Router 172.17.1.1 to 172.17.2.5 is fine

 

But when I ping from 172.17.2.5 (PC in Site B) to 172.17.1.51 (PC in Site A), it does not work. Router A configuration is

 

!

version 15.7

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

no service dhcp

!

hostname HAC-HO-EDGE-001

!

boot-start-marker

boot system flash0:c2900-universalk9-mz.SPA.157-3.M3.bin

boot-end-marker

!

!

no logging console

enable secret 5 $1$NHHS$goVblBuuV9P.fJsxV8x2J.

enable password 7

!

aaa new-model

!

!

!

!

!

!

!

!

aaa session-id common

clock timezone UTC 5 0

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

 

 

!

!

!

!

ip domain name HACAGRI.LOCAL

ip name-server 210.2.181.7

ip name-server 210.2.177.6

ip cef

no ipv6 cef

multilink bundle-name authenticated

!

!

domain HACAGRI.LOCAL

!

cts logging verbose

!

!

license udi pid CISCO2911/K9 sn FCZ191361SF

!

!

vtp mode client

vtp version 2

username shaaz privilege 15 password 7

!

redundancy

!

!

!

!

!

!

interface Loopback0

 ip address 203.223.169.162 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 ip address 172.17.1.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/0.1025

 encapsulation dot1Q 1025

!

interface GigabitEthernet0/1

 no ip address

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/1.1014

 description Jazz-Backup-Data Link

 encapsulation dot1Q 1014

 ip address 10.5.206.148 255.255.255.248

 ip virtual-reassembly in

!

interface GigabitEthernet0/1.1018

 encapsulation dot1Q 1018

 ip address 10.5.206.156 255.255.255.248

!

interface GigabitEthernet0/2

 no ip address

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/2.1024

 description Jazz-Primary-Data Link

 encapsulation dot1Q 1024

 ip address 10.5.205.234 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

interface GigabitEthernet0/2.1025

 description Jazz-Primary-Internet Link

 encapsulation dot1Q 1025

 ip address 10.5.205.242 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

!

router bgp 64933

 bgp log-neighbor-changes

 neighbor 10.5.205.233 remote-as 23966

 neighbor 10.5.205.233 password

 neighbor 10.5.205.241 remote-as 23966

 neighbor 10.5.205.241 description "Jazz-eBGP-Primary"

 neighbor 10.5.205.241 password

 neighbor 10.5.205.241 version 4

 neighbor 10.5.205.241 timers 10 30

 neighbor 10.5.206.145 remote-as 23966

 neighbor 10.5.206.145 description "Jazz-eBGP-Backup"

 neighbor 10.5.206.145 password

 neighbor 10.5.206.145 version 4

 !

 address-family ipv4

  network 172.17.1.0 mask 255.255.255.0

  network 203.223.169.160 mask 255.255.255.248

  neighbor 10.5.205.233 activate

  neighbor 10.5.205.233 soft-reconfiguration inbound

  neighbor 10.5.205.233 route-map VPN-in-peer-Jazz in

  neighbor 10.5.205.233 route-map out-VPN-peer-Jazz out

  neighbor 10.5.205.241 activate

  neighbor 10.5.205.241 soft-reconfiguration inbound

  neighbor 10.5.205.241 route-map in-peer-Jazz in

  neighbor 10.5.205.241 route-map out-peer-Jazz out

  neighbor 10.5.206.145 activate

  neighbor 10.5.206.145 soft-reconfiguration inbound

  neighbor 10.5.206.145 route-map in-peer-Jazz-bkup in

  neighbor 10.5.206.145 route-map out-peer-Jazz-bkup out

 exit-address-family

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 1 interface Loopback0 overload

ip nat inside source static tcp 172.17.1.53 25 203.223.169.162 25 extendable

ip nat inside source static tcp 172.17.1.55 47 203.223.169.162 47 extendable

ip nat inside source static tcp 172.17.1.53 53 203.223.169.162 53 extendable

ip nat inside source static udp 172.17.1.53 53 203.223.169.162 53 extendable

ip nat inside source static tcp 172.17.1.53 80 203.223.169.162 80 extendable

ip nat inside source static tcp 172.17.1.53 110 203.223.169.162 110 extendable

ip nat inside source static udp 172.17.1.53 110 203.223.169.162 110 extendable

ip nat inside source static tcp 172.17.1.53 135 203.223.169.162 135 extendable

ip nat inside source static tcp 172.17.1.53 443 203.223.169.162 443 extendable

ip nat inside source static tcp 172.17.1.53 465 203.223.169.162 465 extendable

ip nat inside source static udp 172.17.1.55 500 203.223.169.162 500 extendable

ip nat inside source static tcp 172.17.1.53 522 203.223.169.162 522 extendable

ip nat inside source static tcp 172.17.1.53 691 203.223.169.162 691 extendable

ip nat inside source static tcp 172.17.1.55 1701 203.223.169.162 1701 extendable

ip nat inside source static tcp 172.17.1.55 1723 203.223.169.162 1723 extendable

ip nat inside source static tcp 172.17.1.51 3389 203.223.169.162 3389 extendable

ip nat inside source static tcp 172.17.1.56 9575 203.223.169.162 9575 extendable

ip ssh time-out 60

ip ssh version 2

!

!

ip prefix-list in-peer-Jazz seq 10 permit 0.0.0.0/0

!

ip prefix-list out-peer-Jazz seq 10 permit 203.223.169.160/29

!

ip prefix-list out-peer-VPN-Jazz seq 10 permit 172.17.1.0/24

ipv6 ioam timestamp

!

route-map out-VPN-peer-Jazz-bkup permit 10

 match ip address prefix-list out-peer-VPN-Jazz

 set metric 100

!

route-map in-peer-Jazz-bkup permit 10

 match ip address prefix-list in-peer-Jazz

 set local-preference 120

!

route-map out-VPN-peer-Jazz permit 10

 match ip address prefix-list out-peer-VPN-Jazz

 set metric 10

!

route-map in-peer-Jazz permit 10

 match ip address prefix-list in-peer-Jazz

 set local-preference 150

!

route-map out-peer-Jazz permit 10

 match ip address prefix-list out-peer-Jazz

!

route-map VPN-in-peer-Jazz permit 10

 set local-preference 150

!

route-map out-peer-Jazz-bkup permit 10

 match ip address prefix-list out-peer-Jazz

 set metric 100

!

!

access-list 1 permit 172.17.1.0 0.0.0.255

!

!

!

control-plane

!

!

 vstack

!

line con 0

 exec-timeout 20 0

 password 7

 logging synchronous

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 exec-timeout 20 0

 password 7

 transport input telnet ssh

 transport output telnet

line vty 5 15

 exec-timeout 20 0

 password 7

 transport input ssh

 transport output telnet

!

scheduler allocate 20000 1000

ntp update-calendar

ntp server hk.pool.ntp.org

ntp server pk.pool.ntp.org prefer

!

end

===================================

Router B

 

 

!

! No configuration change since last restart

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname HAC-PLT-EDGE-001

!

boot-start-marker

boot-end-marker

!

!

no logging console

enable secret 5 $1$rnZh$YR3JTIhbwShzMx092D.MX.

enable password 7

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

!

!

!

aaa session-id common

clock timezone GMT 5 0

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

ip dhcp excluded-address 172.17.2.1 172.17.2.100

!

ip dhcp pool HAC-Plant

 network 172.17.2.0 255.255.255.0

 default-router 172.17.2.1

 dns-server 172.17.2.1

 domain-name HACAGRI.LOCAL

!

!

ip domain name HACAGRI.LOCAL

ip name-server 210.2.181.7

ip name-server 210.2.177.6

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

license udi pid CISCO2911/K9 sn FGL15421096

!

!

username shaaz privilege 15 password 7

!

!

ip ssh time-out 60

!

!

!

!

interface Loopback0

 ip address 210.2.157.169 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 ip address 172.17.2.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 no ip address

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/1.1018

 encapsulation dot1Q 1018

 ip address 10.5.206.156 255.255.255.248

!

interface GigabitEthernet0/1.1956

 description Jazz Primary Internet

 encapsulation dot1Q 1956

 ip address 10.5.205.194 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

interface GigabitEthernet0/1.1957

 description Jazz Primary Data Link

 encapsulation dot1Q 1957

 ip address 10.5.205.186 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

interface GigabitEthernet0/2

 no ip address

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/2.3045

 description Jazz Backup Internet Link

 encapsulation dot1Q 3045

 ip address 10.5.206.162 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

interface GigabitEthernet0/2.3046

 description Jazz Data Backup Link

 encapsulation dot1Q 3046

 ip address 10.5.206.178 255.255.255.248

 ip nat outside

 ip virtual-reassembly in

!

router bgp 64933

 bgp log-neighbor-changes

 neighbor 10.5.205.185 remote-as 23966

 neighbor 10.5.205.185 description "Jazz-eBGP-Primary"

 neighbor 10.5.205.185 password 7

 neighbor 10.5.205.185 version 4

 neighbor 10.5.205.185 timers 10 30

 neighbor 10.5.205.193 remote-as 23966

 neighbor 10.5.205.193 description "Jazz-eBGP-Primary"

 neighbor 10.5.205.193 password 7 12150119325D585D7978

 neighbor 10.5.205.193 version 4

 neighbor 10.5.205.193 timers 10 30

 neighbor 10.5.206.161 remote-as 23966

 neighbor 10.5.206.161 description "Jazz-eBGP-Primary"

 neighbor 10.5.206.161 password 7

 neighbor 10.5.206.161 version 4

 neighbor 10.5.206.161 timers 10 30

 neighbor 10.5.206.177 remote-as 23966

 neighbor 10.5.206.177 description "Jazz-eBGP-Backup"

 neighbor 10.5.206.177 password 7

 neighbor 10.5.206.177 version 4

 neighbor 10.5.206.177 timers 10 30

 !

 address-family ipv4

  network 172.17.2.0 mask 255.255.255.0

  network 210.2.157.168 mask 255.255.255.248

  neighbor 10.5.205.185 activate

  neighbor 10.5.205.185 soft-reconfiguration inbound

  neighbor 10.5.205.185 route-map out-VPN-peer-Jazz out

  neighbor 10.5.205.193 activate

  neighbor 10.5.205.193 soft-reconfiguration inbound

  neighbor 10.5.205.193 route-map in-peer-Jazz in

  neighbor 10.5.205.193 route-map out-peer-Jazz out

  neighbor 10.5.206.161 activate

  neighbor 10.5.206.161 soft-reconfiguration inbound

  neighbor 10.5.206.161 route-map in-peer-Jazz-bkup in

  neighbor 10.5.206.161 route-map out-peer-Jazz-bkup out

  neighbor 10.5.206.177 activate

  neighbor 10.5.206.177 soft-reconfiguration inbound

  neighbor 10.5.206.177 route-map out-VPN-peer-Jazz-bkup out

 exit-address-family

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip dns server

ip nat inside source list 1 interface Loopback0 overload

!

!

ip prefix-list in-peer-Jazz seq 10 permit 0.0.0.0/0

!

ip prefix-list out-peer-Jazz seq 10 permit 210.2.157.168/29

!

ip prefix-list out-peer-VPN-Jazz seq 10 permit 172.17.2.0/24

access-list 1 permit 172.17.2.0 0.0.0.255

!

route-map out-VPN-peer-Jazz-bkup permit 10

 match ip address prefix-list out-peer-VPN-Jazz

 set metric 100

!

route-map in-peer-Jazz-bkup permit 10

 match ip address prefix-list in-peer-Jazz

 set local-preference 120

!

route-map out-VPN-peer-Jazz permit 10

 match ip address prefix-list out-peer-VPN-Jazz

!

route-map in-peer-Jazz permit 10

 match ip address prefix-list in-peer-Jazz

 set local-preference 150

!

route-map out-peer-Jazz permit 10

 match ip address prefix-list out-peer-Jazz

!

route-map out-peer-Jazz-bkup permit 10

 match ip address prefix-list out-peer-Jazz

 set metric 100

!

!

!

!

!

control-plane

!

!

!

line con 0

 exec-timeout 20 0

 password 7

 logging synchronous

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport input all

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 session-timeout 20

 exec-timeout 20 0

 password 7

 transport input ssh

 transport output telnet

line vty 5 15

 exec-timeout 20 0

 password 7

 transport input ssh

 transport output telnet

!

scheduler allocate 20000 1000

end

=====================================

Thank you very much for your help

2 Replies 2

kubn2
Level 1
Level 1
Hi,

Did you tried to turn off (I guess) Windows Firewall on both PCs (or at least change setting in firewall to allow ICMP packets)? Because its pretty common that windows firewall blocking ICMP packets but it not block pings from routers because it uses UDP packets.

I have turned off firewall on both sides of PCs, but still I am not able to ping. One more thing that I have noticed that even I am able to ping PCs from router but cannot ping router from PCs. For example I can ping 172.17.1.229 from 172.17.2.1 (Router of Site B) but I cannot do the reverse.

Review Cisco Networking for a $25 gift card