08-29-2012 05:51 PM - edited 03-04-2019 05:25 PM
Hi All,
I am having a weird issue with my Cisco 7200 router. From the router I am able to ping and reach out to the internet, but from the client I am able to reach out to the internet but unable to ping. I am not sure where the issue is, but when I traceroute to it my packets are dropped at my router's interface. All my pings from the client time out. I checked the access list to make sure ICMP is not blocked.
Following is my running conf:
ip audit notify log
ip audit po max-events 100
ip ssh break-string ~
ipv6 unicast-routing
no ftp-server write-enable
!
no scripting tcl init
no scripting tcl encdir
!
no voice hpi capture buffer
no voice hpi capture destination
!
interface Loopback0
description *** abc ***
ip address 192.168.2.2 255.255.255.255
!
interface FastEthernet0/0
description * Connection to officeswitch *
ip address 10.0.2.1 255.255.255.240
duplex full
speed 100
ipv6 rip abc enable
no ipv6 mfib fast
!
interface FastEthernet0/1
description * ISP1 *
ip address 172.16.17.2 255.255.255.248
ip access-group ISP1-IN in
ip access-group ISP1-OUT out
ip route-cache flow
duplex full
speed auto
!
interface Serial3/0
description * ISP2 *
ip address 10.23.21.2 255.255.255.252
ip access-group Verio-IN in
ip access-group Verio-OUT out
ip route-cache flow
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 00000
log-adjacency-changes
network 192.168.0.0 0.0.31.255 area 0
default-information originate
!
router bgp 00000
no synchronization
bgp log-neighbor-changes
network 192.168.0.0.0 mask 255.255.224.0
aggregate-address 192.168.0.0 255.255.224.0 summary-only
no auto-summary
!
ip classless
ip flow-export source Loopback0
ip flow-export version 5
ip flow-aggregation cache protocol-port
enabled
!
ip flow-aggregation cache prefix
enabled
!
no ip http server
no ip http secure-server
!
ip as-path access-list 5 permit ^$
ip as-path access-list 5 deny .*
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
!
!
ip access-list standard Access
permit 192.168.0.0 0.0.31.255
deny any log
!
ip access-list extended ISP1-IN
permit tcp host 192.168.1.2 any eq www log
permit icmp any any log
deny ip 10.0.0.0 0.255.255.255 any log
deny tcp any any eq ftp log
deny tcp any any eq smtp log
deny tcp any any eq 443 log
deny ip 192.168.0.0 0.0.255.255 any log
permit ip any any
ip access-list extended ISP1-OUT
permit icmp any any log
permit ip any any
ip access-list extended ISP2-IN
permit icmp any any log
deny ip 10.0.0.0 0.255.255.255 any log
deny tcp any any eq ftp log
deny tcp any any eq smtp log
deny tcp any any eq 443
deny ip 192.168.0.0 0.0.255.255 any log
permit ip any any
ip access-list extended ISP2-OUT
permit ip any any
permit icmp any any
logging trap debugging
logging source-interface Loopback0
snmp-server community apricot RO 1
snmp-server trap-source Loopback0
snmp-server location 101 S Ellsworth Ave Suite 350
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps bgp
redistribute static
!
!
route-map ISP1PATH permit 5
match as-path 30
!
route-map ISP1PATH permit 10
match as-path 20
set as-path prepend 00000
!
route-map SETPATH permit 10
match as-path 10
set as-path prepend 00001
!
I will appreciate any input to help me solve this problem.
08-29-2012 09:36 PM
Hi,
Can you please specify which subnet belongs to the client?
In addition, I don't see any config relating to NAT in your router.
Thanks
08-29-2012 11:30 PM
Thanks for replying. Ours is a very small environment and we use public IPs for clients too; that's why there is no NAT-related config. The running config I have posted above is real, but I have replaced public IPs with private IPs.
Router subnet: 192.168.1.1/28
Client subnet: 192.168.10.1/24
Did you see anything in the Access list which might be causing this issue?
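A first-match walk through the posted ISP1-IN list, as an added example that is not part of the original thread: it reports which entry a given inbound packet hits first, the way IOS evaluates an extended ACL top to bottom. The Python helper names (`parse`, `first_match`) and the sample packet addresses are constructed for illustration, and only the syntax used in this list (`any`, `host`, address plus wildcard, `eq`, `log`) is handled.

```python
import ipaddress

# ISP1-IN entries copied from the posted running config, in order.
ISP1_IN = """\
permit tcp host 192.168.1.2 any eq www log
permit icmp any any log
deny ip 10.0.0.0 0.255.255.255 any log
deny tcp any any eq ftp log
deny tcp any any eq smtp log
deny tcp any any eq 443 log
deny ip 192.168.0.0 0.0.255.255 any log
permit ip any any
"""

PORTS = {"www": 80, "ftp": 21, "smtp": 25}  # IOS keyword -> TCP port

def _addr(tokens):
    """Consume one address spec and return a predicate on an IPv4 string."""
    head = tokens.pop(0)
    if head == "any":
        return lambda ip: True
    if head == "host":
        want = tokens.pop(0)
        return lambda ip: ip == want
    base = int(ipaddress.IPv4Address(head))
    # Wildcard mask: 1-bits are "don't care", so invert to get the bits that must match.
    care = ~int(ipaddress.IPv4Address(tokens.pop(0))) & 0xFFFFFFFF
    return lambda ip: int(ipaddress.IPv4Address(ip)) & care == base & care

def parse(line):
    t = [x for x in line.split() if x != "log"]
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = None
    if t and t[0] == "eq":  # in this list, eq always follows the destination
        port = PORTS.get(t[1]) or int(t[1])
    return action, proto, src, dst, port

def first_match(acl_text, proto, src, dst, dport=None):
    """Return (entry_number, action, text) of the first matching entry."""
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        action, p, s, d, port = parse(line)
        if p not in ("ip", proto) or not s(src) or not d(dst):
            continue
        if port is not None and port != dport:
            continue
        return n, action, line
    return None, "deny", "(implicit deny)"

# Constructed packet: ICMP reply from an Internet host to a client address.
print(first_match(ISP1_IN, "icmp", "203.0.113.10", "192.168.10.5"))
```

For the constructed ICMP packet the walk stops at entry 2, `permit icmp any any log`, so the `deny` entries further down are never evaluated for ICMP arriving on that interface.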