Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
1
Replies

Strange ICMP issue across WAN

rcoote5902_2
Level 2
Level 2

‎09-07-2011 03:48 PM - edited ‎03-04-2019 01:32 PM

Hello,

I have a strange one today....

I have 12 sites across an MPLS WAN (school division).  All sites go through our central office for Internet access, where we have an ASA 5520.

Now, there are no issues at any of these sites accessing the internet, however I had an issue with connectivity to a specific server that I was troubleshooting and came across this little dilemma.

4 of the 12 sites' routers are able to ping the inside interface of the ASA and out to the internet (I was using 4.2.2.2) as a test target.

8 of the 12 sites' routers are not able to ping the inside interface of the ASA and out to the internet (again using 4.2.2.2) as a test target.

Configuration of the routers is essentially identical, and there are no rules in the ASA preventing ICMP from specific subnets.

Here is where it gets wierd.  If I connect to the first switch behind those 8 routers - I can ping out to the ASA and 4.2.2.2 without any issue.

It's not really anything service-impacting, but it makes troubleshooting from the router rather difficult.

Here's a ping and trace from the router:

LSRtr#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LSRtr#traceroute 4.2.2.2

Type escape sequence to abort.

Tracing the route to 4.2.2.2

  1 172.16.255.35 0 msec 0 msec 4 msec

  2  *  *  *

  3  *  *  *

  4 172.16.255.162 0 msec 4 msec 0 msec

  5  *  *  *

  6  *  *  *

  7  *  *  *

And the same from the first switch behind it:

LsCore#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 78/80/84 ms

LsCore#traceroute 4.2.2.2

Type escape sequence to abort.

Tracing the route to 4.2.2.2

  1 172.16.104.1 0 msec 0 msec 6 msec

  2 172.16.255.35 0 msec 5 msec 0 msec

  3  *  *  *

  4  *  *  *

  5 172.16.255.162 0 msec 5 msec 5 msec

  6 199.216.81.1 11 msec 0 msec 5 msec

  7  *  *  *

  8 139.142.32.42 0 msec 5 msec 5 msec

  9 216.18.32.81 11 msec 10 msec 11 msec

10 66.59.190.194 21 msec 21 msec 26 msec

11 66.59.190.6 21 msec 26 msec 21 msec

12 67.69.199.149 16 msec 16 msec 16 msec

13 64.86.115.13 26 msec 21 msec 21 msec

14 64.86.115.49 26 msec 21 msec 21 msec

15 66.110.25.9 32 msec 26 msec 31 msec

16 66.198.127.65 79 msec 79 msec 84 msec

17 66.198.127.2 83 msec 84 msec 78 msec

18 66.198.144.6 79 msec 84 msec 78 msec

19  *  *  *

20 4.69.152.131 73 msec

    4.69.152.3 84 msec

    4.69.152.131 84 msec

21 4.2.2.2 79 msec 78 msec 79 msec

LsCore#

I'm left scratching my head.  Any suggestions?

Labels:
0 Helpful
1 Reply 1

gerald.suiza
Level 1
Level 1

‎09-07-2011 07:32 PM

try and source your ping on the router from the LAN segment subnet

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card