- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2019 12:01 PM - edited 03-05-2019 11:16 AM
Hello All,
I have Cisco 892 router using a pppoe dialer and would like to allow pings to the interface for monitoring by ISP.
Could you provide guidance how configure same
Below is my wan interface
Interface Dialer2
ip address 10.192.252.4 255.255.255.0
ip mtu 1400
encapsulation ppp
dialer pool 1
keepalive 10 6
dialer-group 1
ppp authentication pap callin
ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
no cdp enable
Regards
Solved! Go to Solution.
- Labels:
-
Other Routers
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 07:43 PM
If you run a debug and you don't see any icmp packets incoming, then you need to ask your ISP how will he be able to reach your Dialer. I understand this is a Dialer given by an ISP but at some point, a route must exists. Can you ask him to do a traceroute to see?
Not sure I understood your point with GRE. Do you have a GRE tunnel on your router sourced with Dialer interface?
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2019 09:22 PM
I don't understand your question.
There's no acl on the interface which means by default you would be able to ping it.
From where you want to ping it? The dialer interface has a private IP and not a public which means you can ping it from internet (in this state)
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 01:22 AM - edited 02-15-2019 01:24 AM
Hello Francesco,
The end user is coming from 190.124.224.2 address but they not are getting any response.
The access list I have is for gre tunnels.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 01:36 AM
The access list the config.
crypto map SDM_CMAP_1 3 ipsec-isakmp
set peer 10.192.252.131
set transform-set manbosvpn
match address 102
crypto map SDM_CMAP_1 4 ipsec-isakmp
set peer 10.192.252.143
set transform-set bcpmanbosvpn
match address 100
!
access-list 100 remark CCP_ACL Category=4
access-list 100 permit gre host 10.192.252.4 host 10.192.252.143
access-list 102 remark CCP_ACL Category=4
access-list 102 permit gre host 10.192.252.4 host 10.192.252.131
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 08:04 AM
The IP 190.124.224.2 is trying to ping what IP (your dialer IP)? Your Dialer IP is 10.192.252.4 which is in 10.0.0.0/8 (RFC1918), a private IP.
Maybe you're trying to ping a public IP but this public IP is sitting on your ISP modem I believe?
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 08:24 AM
@Francesco Molino wrote:
I saw your post with crypto map which indicates, you have IPSEC tunnel.
The IP 190.124.224.2 is trying to ping what IP (your dialer IP)? Your Dialer IP is 10.192.252.4 which is in 10.0.0.0/8 (RFC1918), a private IP.
Maybe you're trying to ping a public IP but this public IP is sitting on your ISP modem I believe?
Hello Francesco,
The guy at the ISP is using this ip address 190.124.224.2 to try to ping the router wan interface 10.192.252.4. but no response.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 08:49 AM
Your router with Dialer:
- Is there any default static route?
- People from inside or even from your Dialer, are you able to access internet?
- Who is doing nat to access internet?
Now your ISP guy is trying to ping your Dialer private IP?
- If you run a debug on your router (debug ip icmp) and you type "term mon" on your ssh session. When the guy tries to ping you, do you see any traffic in? I believe not
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 09:22 AM - edited 02-15-2019 09:24 AM
Hello Francesco,
Is there any default static route? -------------- No, I am using eigrp for routing
People from inside or even from your Dialer, are you able to access internet . -------------------No this router is not allow to go the internet
Who is doing nat to access internet . -------I did not configure any nat to access the internet. since this router is using the ISP to connect to remote location on the same wan subnet.
If you run a debug on your router (debug ip icmp) and you type "term mon" on your ssh session. When the guy tries to ping you, do you see any traffic in? I believe not ------------- No traffic is showing.
I should mention this router use a pppoe via a ISP to another remote location using gre tunnels.
No nat or route to internet is in place.
Do I need to do any nat configuration if so could you post the config changes I need to make.
Will the changes if any be disruptive since the router is in production mode ?
Regards
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2019 07:43 PM
If you run a debug and you don't see any icmp packets incoming, then you need to ask your ISP how will he be able to reach your Dialer. I understand this is a Dialer given by an ISP but at some point, a route must exists. Can you ask him to do a traceroute to see?
Not sure I understood your point with GRE. Do you have a GRE tunnel on your router sourced with Dialer interface?
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2019 07:52 AM
I agree with Francesco that there is a lot that we do not know about this environment and that impacts our ability to give good advice. The original post was quite clear that the objective was to be able to ping the external interface. In that case I do not see how a GRE tunnel to another site plays any role in ping to the external interface.
I agree with Francesco that an important question is how the ping packet from a Public IP would be routed to the router of the original poster. How would the outside device have a route to an IP address in network 10.0.0.0. When a device with a Public IP wants to communicate with an address in private network 10.0.0.0 there generally needs to be some address translation. We have not been told of any address translation.
The original poster tells us that this router is not allowed to access the Internet. Since the address originating the ping appears to be an address in the Internet then how would the router be able to respond to it?
HTH
Rick
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2019 02:22 PM
Hello All,
Thanks for leading me in the right direction, the issue is now resolve.
I had to add a static route using the dialer interface as gateway now the tech at the ISP can ping my device.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2019 04:47 PM
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
