Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2201
Views
5
Helpful
15
Replies

Not able to ping my loopback from public IP.

Beast6
Level 1
Level 1

‎04-03-2019 01:53 PM 

interface Loopback6
ip address X.X.X.62 255.255.255.255


Router#sh ip access-lists
Extended IP access list 199
    10 deny tcp any any eq telnet
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22
    40 permit ip any any (52 matches)
Extended IP access list E_FW_INSIDE_TO_OUTSIDE_ACL_01
    10 permit ip 200.20.20.0 0.0.0.255 any log
    20 permit ip 200.20.21.0 0.0.0.255 any
    30 permit ip 200.20.22.0 0.0.0.255 any
    40 permit ip X.X.X.16 0.0.0.15 any
    50 permit ip X.X.X.32 0.0.0.15 any
    60 permit ip X.X.X.48 0.0.0.15 any
    70 permit ip X.X.X.64 0.0.0.15 any
    80 deny udp any any eq 10001 log
Extended IP access list E_FW_INSIDE_TO_SLF_ACL_02
    10 permit tcp any eq 22 any
    20 permit tcp any eq 22609 any
    30 permit udp host 10.10.2.2 any
    40 permit udp host 10.10.2.4 any
    50 permit ip host 10.40.1.250 any
    60 permit icmp host 57.216.254.148 any
    70 permit icmp host 57.216.254.145 any
    80 permit icmp host 57.209.227.205 any
    90 permit icmp host 57.209.227.206 any
    100 permit icmp host 10.10.2.1 any
    110 permit icmp 200.20.20.0 0.0.0.255 any
    120 permit icmp 200.20.21.0 0.0.0.255 any
    130 permit icmp 200.20.22.0 0.0.0.255 any
    140 permit udp 200.20.20.0 0.0.0.255 any
    150 permit udp 200.20.21.0 0.0.0.255 any
    160 permit udp 200.20.22.0 0.0.0.255 any
    170 permit udp 172.30.1.0 0.0.0.255 any
    180 permit tcp 172.30.1.0 0.0.0.255 any
    190 permit ospf host 172.16.8.2 host 172.16.8.1
    200 permit icmp host 172.16.8.2 host 172.16.8.1
    210 permit icmp host 172.16.8.2 10.10.7.0 0.0.0.255
    220 permit udp 172.16.8.0 0.0.0.255 any
    230 permit esp host 200.20.20.22 host 10.10.2.2
    240 permit icmp X.X.X.16 0.0.0.15 any
    250 permit icmp X.X.X.32 0.0.0.15 any
    260 permit icmp X.X.X.48 0.0.0.15 any
    270 permit icmp X.X.X.64 0.0.0.15 any
    280 permit udp X.X.X.16 0.0.0.15 any
    290 permit udp X.X.X.32 0.0.0.15 any
    300 permit udp X.X.X.48 0.0.0.15 any
    310 permit udp X.X.X.64 0.0.0.15 any
    320 permit ip host 10.10.2.1 any
    330 permit ospf host 172.16.7.2 host 172.16.7.1
    340 permit icmp host 172.16.7.2 host 172.16.7.1
    350 permit icmp host 172.16.7.2 10.10.7.0 0.0.0.255
    360 permit udp 172.16.7.0 0.0.0.255 any
    370 permit esp host 200.20.22.34 host 10.10.2.2
    380 permit icmp host 172.30.1.2 host 172.30.1.1
    390 permit icmp 10.10.5.0 0.0.0.255 any
Extended IP access list E_FW_OUTSIDE_TO_INSIDE_ACL_03
    10 permit tcp any eq 5060 any
    20 permit udp any eq 5060 any
    30 permit udp any range 1000 1100 any
    40 permit tcp any eq 465 any
    50 permit icmp host X.X.X.2 any
    60 permit ip host 206.16.60.70 200.20.20.0 0.0.0.255
    70 permit ip host 206.16.60.70 200.20.21.0 0.0.0.255
    80 permit ip host 206.16.60.70 200.20.22.0 0.0.0.255
    90 permit tcp host 54.84.182.84 200.20.20.0 0.0.0.255
    100 permit tcp host 54.84.182.84 200.20.21.0 0.0.0.255
    110 permit tcp host 54.84.182.84 200.20.22.0 0.0.0.255
    120 permit icmp host 72.198.133.5 any
    130 permit ip host 70.X.X.52 any
    140 permit ip host 50.58.27.183 any
    150 permit tcp host 72.215.150.212 200.20.22.0 0.0.0.255
    160 permit icmp host 72.215.150.212 any
    170 permit ip host 72.215.150.212 200.20.22.0 0.0.0.255
    180 permit udp any range 10002 20000 any
    190 permit ip host 12.109.9.58 200.20.21.0 0.0.0.255
    200 permit ip host 209.163.240.162 200.20.21.0 0.0.0.255
    210 permit ip host 166.166.130.13 200.20.21.0 0.0.0.255
    220 permit ip host 98.198.144.47 200.20.21.0 0.0.0.255
    230 permit ip host 12.35.94.3 200.20.21.0 0.0.0.255
    240 permit tcp host 12.109.9.58 200.20.21.0 0.0.0.255
    250 permit tcp host 209.163.240.162 200.20.21.0 0.0.0.255
    260 permit tcp host 166.166.130.13 200.20.21.0 0.0.0.255
    270 permit tcp host 98.198.144.47 200.20.21.0 0.0.0.255
    280 permit tcp host 12.35.94.3 200.20.21.0 0.0.0.255
    290 permit udp host 12.109.9.58 200.20.21.0 0.0.0.255 eq 37778
    300 permit udp host 209.163.240.162 200.20.21.0 0.0.0.255 eq 37778
    310 permit udp host 166.166.130.13 200.20.21.0 0.0.0.255 eq 37778
    320 permit udp host 98.198.144.47 200.20.21.0 0.0.0.255 eq 37778
    330 permit udp host 12.35.94.3 200.20.21.0 0.0.0.255 eq 37778
    340 permit tcp any range 37777 37778 any
    350 permit tcp host 12.109.9.58 200.20.21.0 0.0.0.255 eq www
    360 permit tcp host 209.163.240.162 200.20.21.0 0.0.0.255 eq www
    370 permit tcp host 166.166.130.13 200.20.21.0 0.0.0.255 eq www
    380 permit tcp host 98.198.144.47 200.20.21.0 0.0.0.255 eq www
    390 permit tcp host 12.35.94.3 200.20.21.0 0.0.0.255 eq www
    400 permit icmp host 209.163.240.162 200.20.21.0 0.0.0.255
Extended IP access list E_FW_OUTSIDE_TO_SLF_ACL_04
    5 permit icmp host 70.X.X.52 any
    10 permit ip host 70.X.X.52 any
    20 permit udp host 98.188.216.148 any
    30 permit udp host 70.188.92.119 eq isakmp any
    40 permit udp host 50.58.27.183 eq 5060 any
    50 permit tcp host 98.188.216.149 eq 8880 any
    60 permit tcp host 72.198.133.5 eq 8880 any
    70 permit tcp host 206.16.60.70 any
    80 permit ip host 70.188.92.119 any log
    90 permit icmp 70.188.92.0 0.0.0.255 any
    100 deny ip 200.20.20.0 0.0.0.255 any
    110 deny ip 200.20.21.0 0.0.0.255 any
    120 deny ip 200.20.22.0 0.0.0.255 any
    130 deny ip X.X.X.16 0.0.0.15 any
    140 deny ip X.X.X.32 0.0.0.15 any
    150 deny ip X.X.X.48 0.0.0.15 any
    160 deny ip X.X.X.64 0.0.0.15 any
    170 deny ip 10.96.1.0 0.0.0.255 any
    180 deny ip 10.0.0.0 0.255.255.255 any
    190 deny ip 192.168.0.0 0.0.255.255 any
    200 deny ip 224.0.0.0 31.255.255.255 any
    210 deny ip 127.0.0.0 0.255.255.255 any
    220 deny ip 169.254.0.0 0.0.255.255 any
    230 deny ip 77.0.0.0 0.255.255.255 any
    240 permit ip host X.X.X.3 any
    250 permit ip host X.X.X.2 any
    260 deny ip 172.16.0.0 0.15.255.255 any
Extended IP access list E_FW_SLF_TO_INSIDE_ACL_05
    10 permit tcp any eq 2222 any
    20 permit ip host 10.10.2.2 any
    30 permit ip host 10.10.2.4 any
    40 permit icmp host 172.16.8.1 10.10.4.0 0.0.0.255
    50 permit ip host 10.10.2.2 host 200.20.20.22
    60 permit ip host X.X.X.1 any
    70 permit ip host X.X.X.4 any
    80 permit ip host 172.30.1.1 host 172.30.1.2
    90 permit icmp host 172.16.7.1 10.10.5.0 0.0.0.255
    110 permit icmp host X.X.X.62 any
Extended IP access list E_FW_SLF_TO_OUTSIDE_ACL_06
    7 permit icmp any any
    10 permit tcp any eq 2222 any
    20 permit udp any eq snmp any
    30 permit ip host X.X.X.1 any
    40 permit ip host X.X.X.4 any
    50 permit icmp host 10.10.2.2 host 50.58.27.183
    60 permit icmp host 10.10.2.2 host 54.84.182.84
    70 permit icmp host 10.10.2.2 host 70.X.X.52
    80 permit icmp host 10.10.2.4 host 50.58.27.183
    90 permit icmp host 10.10.2.4 host 54.84.182.84
    100 permit icmp host 10.10.2.4 host 70.X.X.52
    110 permit icmp host 10.10.2.4 host 72.215.150.212
    120 deny udp any any eq 10001
Extended IP access list NAT_ACL
    10 permit ip X.X.X.16 0.0.0.15 any
    20 permit ip X.X.X.32 0.0.0.15 any
    30 permit ip X.X.X.48 0.0.0.15 any
    40 permit ip X.X.X.64 0.0.0.15 any
    50 permit ip 200.20.20.0 0.0.0.255 any
    60 permit ip 200.20.21.0 0.0.0.255 any
    70 permit ip 200.20.22.0 0.0.0.255 any

This is my loopback X.X.X.62/32 configured on my router.

I am trying to ping this loopback from 70.x.x.52 this is one of public IP, I want to allow ping to this IP.

 

Please advise what am I missing or what need to be done to achieve this.

 

Thanks.

Labels:
0 Helpful
15 Replies 15

joseph.h.nguyen
Level 1
Level 1
In response to Beast6

‎04-10-2019 03:01 PM - edited ‎04-10-2019 03:11 PM

Another perspective to look into, have you confirmed whether PJAE017 router has the route to your loopback6 IP address?  

- Your ACLs, E_FW_SLF_TO_OUTSIDE_ACL_06 & E_FW_OUTSIDE_TO_SLF_ACL_04, look good.  

- You may want to perform a traceroute from either your Ubiquiti router or from 10.0.2.3 router to trace loopback6 address.  And vice verse by using extended traceroute.  You should see PJAE017 as the next hop and finally to your 10.0.2.4 router.  Otherwise, you may be having a routing issue.

- Or you may want to try extended ping by sourced your loopback6 public address destined to another public IP address.  i.e. 1) type ping then Enter or 2) "ping x.x.x.3 source x.x.x.62 repeat 2" on 10.10.2.4 router.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card