I have Cisco 892 router using a pppoe dialer and would like to allow pings to the interface for monitoring by ISP.
Could you provide guidance how configure same
Below is my wan interface
ip address 10.192.252.4 255.255.255.0
ip mtu 1400
dialer pool 1
keepalive 10 6
ppp authentication pap callin
ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
no cdp enable
Solved! Go to Solution.
The end user is coming from 220.127.116.11 address but they not are getting any response.
The access list I have is for gre tunnels.
@Francesco Molino wrote:
I saw your post with crypto map which indicates, you have IPSEC tunnel.
The IP 18.104.22.168 is trying to ping what IP (your dialer IP)? Your Dialer IP is 10.192.252.4 which is in 10.0.0.0/8 (RFC1918), a private IP.
Maybe you're trying to ping a public IP but this public IP is sitting on your ISP modem I believe?
The guy at the ISP is using this ip address 22.214.171.124 to try to ping the router wan interface 10.192.252.4. but no response.
Is there any default static route? -------------- No, I am using eigrp for routing
People from inside or even from your Dialer, are you able to access internet . -------------------No this router is not allow to go the internet
Who is doing nat to access internet . -------I did not configure any nat to access the internet. since this router is using the ISP to connect to remote location on the same wan subnet.
If you run a debug on your router (debug ip icmp) and you type "term mon" on your ssh session. When the guy tries to ping you, do you see any traffic in? I believe not ------------- No traffic is showing.
I should mention this router use a pppoe via a ISP to another remote location using gre tunnels.
No nat or route to internet is in place.
Do I need to do any nat configuration if so could you post the config changes I need to make.
Will the changes if any be disruptive since the router is in production mode ?
I agree with Francesco that there is a lot that we do not know about this environment and that impacts our ability to give good advice. The original post was quite clear that the objective was to be able to ping the external interface. In that case I do not see how a GRE tunnel to another site plays any role in ping to the external interface.
I agree with Francesco that an important question is how the ping packet from a Public IP would be routed to the router of the original poster. How would the outside device have a route to an IP address in network 10.0.0.0. When a device with a Public IP wants to communicate with an address in private network 10.0.0.0 there generally needs to be some address translation. We have not been told of any address translation.
The original poster tells us that this router is not allowed to access the Internet. Since the address originating the ping appears to be an address in the Internet then how would the router be able to respond to it?
Thanks for leading me in the right direction, the issue is now resolve.
I had to add a static route using the dialer interface as gateway now the tech at the ISP can ping my device.