cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
2320
Views
0
Helpful
4
Replies

ICMP problem

senpay524
Level 1
Level 1

Hi,

I have this debug error on my router

Mar  7 10:58:26.296: ICMP: dst (81.21.95.206) administratively prohibited unreachable sent to 79.164.27.174

81.21.95.206 is my outside interface

ip access-list extended NAT

permit ip host 10.0.22.2 any

permit ip host 10.0.21.2 any

permit ip host 10.0.50.10 any

permit ip 10.0.42.0 0.0.0.255 any

permit ip 10.0.10.0 0.0.0.255 any

permit ip host 10.0.31.2 any

permit ip host 10.0.31.3 any

permit ip host 10.0.31.4 any

permit ip host 10.0.31.5 any

permit ip host 10.0.31.6 any

permit ip host 10.0.31.7 any

permit ip host 10.0.31.8 any

permit ip host 10.0.31.9 any

permit icmp any any

permit ip host 10.0.32.253 any

ip access-list extended outside

permit udp any eq domain any gt 1023

permit tcp any any established

permit tcp any host x.x.x.x eq smtp

interface FastEthernet0/0

description Internet

ip address 81.21.95.206 255.255.255.252

ip access-group outside in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

this is some config from router

pings from router an through router not passing

what can be the problem?

2 Accepted Solutions

Accepted Solutions

John Blakley
VIP Alumni
VIP Alumni

I'm assuming that you're trying to ping from the lan and you're not getting the return icmp response. If that's the case, add "permit icmp any any echo-reply" and you should be good....

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

Try adding:

permit icmp any any unreachable

permit icmp any any time-exceeded

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

I'm assuming that you're trying to ping from the lan and you're not getting the return icmp response. If that's the case, add "permit icmp any any echo-reply" and you should be good....

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Thank John,

it helps with ping.

bu what can i do with traceroute? it doesnt pass.

Try adding:

permit icmp any any unreachable

permit icmp any any time-exceeded

HTH,

John

HTH, John *** Please rate all useful posts ***

Thanks John,

it's okey now

Review Cisco Networking for a $25 gift card