10-29-2009 12:23 PM - last edited on 03-25-2019 03:27 PM by ciscomoderator
I am having trouble seeing why I am unable to ping an interface that is local to the router while in an SSH session on the router. Although we are doing some policy-based routing, I cannot figure out why I cannot get a reply from the local interface. I do not see any traffic traverse the only connected firewall when I ping.
Here is the network portion of the config.
Network Config (Cisco IOS version 12.2)
interface FastEthernet0/0
 description 4d-wifi-fa0.0
 ip address 65.77.28.83 255.255.255.248 secondary
 ip address 65.77.28.84 255.255.255.248 secondary
 ip address 65.77.28.85 255.255.255.248 secondary
 ip address 65.77.28.82 255.255.255.248
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description ATT-T1-inside
 ip address 70.233.236.193 255.255.255.192
 ip broadcast-address 70.233.236.255
 no ip proxy-arp
 ip nat inside
 ip policy route-map outWifi
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 no ip proxy-arp
 encapsulation frame-relay IETF
 no ip route-cache
 no ip mroute-cache
 frame-relay lmi-type ansi
!
interface Serial0/1.779 point-to-point
 description ATT-T1-outside
 bandwidth 1536
 ip address 70.254.247.230 255.255.255.252
 no ip route-cache
 no ip mroute-cache
 frame-relay interface-dlci 779
!
ip nat inside source static 70.233.236.218 65.77.28.85
ip nat inside source static 70.233.236.201 65.77.28.84
ip nat inside source static 70.233.236.200 65.77.28.83
ip nat inside source static 70.233.236.213 65.77.28.82
ip classless
ip route 0.0.0.0 0.0.0.0 70.254.247.229
no ip http server
!
access-list 1 permit 70.233.236.213
access-list 2 permit 70.233.236.200
access-list 3 permit 70.233.236.201
access-list 4 permit 70.233.236.218
access-list 5 permit 65.64.77.98
!
route-map outWifi permit 13
 match ip address 1 2 3 4
 set ip next-hop 65.77.28.81
-----------------------------------------
PING Testing
okc-rtr-c3640#ping 65.77.28.81 source 70.233.236.193
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 65.77.28.81, timeout is 2 seconds:
Packet sent with a source address of 70.233.236.193
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/44 ms
okc-rtr-c3640#ping 65.77.28.81 source FastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 65.77.28.81, timeout is 2 seconds:
Packet sent with a source address of 65.77.28.82
.....
Success rate is 0 percent (0/5)
okc-rtr-c3640#ping 65.77.28.82 source FastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 65.77.28.82, timeout is 2 seconds:
Packet sent with a source address of 65.77.28.82
.....
Success rate is 0 percent (0/5)
11-01-2009 01:40 AM
Hello Jess,
What happens if you remove the line:
ip nat inside source static 70.233.236.213 65.77.28.82
Do the ping results change?
Hope to help
Giuseppe
11-02-2009 08:21 AM
Removing the NAT allows the ping. What I don't understand is why the NAT would affect the ping of a local interface. I also tried (from a terminal session on the router) pinging 70.233.236.213 and that fails. Pinging 65.77.28.82 from an outside source is successful.
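
A config check for the condition this thread isolated, added here as an example and not written by any poster above: it lists every `ip nat inside source static` entry whose global address is also configured on one of the router's own interfaces. The function names are hypothetical, and the sample is a constructed excerpt of the posted config plus one invented non-overlapping entry (65.77.28.90).

```python
import re

# Constructed sample, trimmed from the configuration posted in this thread.
# The last NAT line (65.77.28.90) is invented to show a non-overlapping entry.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 65.77.28.83 255.255.255.248 secondary
 ip address 65.77.28.82 255.255.255.248
 ip nat outside
!
interface FastEthernet0/1
 ip address 70.233.236.193 255.255.255.192
 ip nat inside
!
ip nat inside source static 70.233.236.200 65.77.28.83
ip nat inside source static 70.233.236.213 65.77.28.82
ip nat inside source static 70.233.236.250 65.77.28.90
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s*ip address\s+" + IP + r"\s+\S+(\s+secondary)?\s*$")
NAT_RE = re.compile(r"^\s*ip nat inside source static\s+" + IP + r"\s+" + IP)


def interface_addresses(config):
    """Return {ip: (interface, 'primary' | 'secondary')} for every interface IP."""
    owned, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip() == "!":
            current = None  # "!" closes the interface block
        elif current and (m := ADDR_RE.match(line)):
            owned[m.group(1)] = (current, "secondary" if m.group(2) else "primary")
    return owned


def nat_overlaps(config):
    """List static NAT entries whose global address is also an interface address."""
    owned = interface_addresses(config)
    hits = []
    for line in config.splitlines():
        m = NAT_RE.match(line)
        if m and m.group(2) in owned:
            hits.append((m.group(1), m.group(2)) + owned[m.group(2)])
    return hits


if __name__ == "__main__":
    for local, glob, iface, kind in nat_overlaps(SAMPLE_CONFIG):
        print(f"static NAT {local} -> {glob} reuses {kind} address of {iface}")
```

Run against the full configuration in the first post, this reports all four static entries, since 65.77.28.82 through 65.77.28.85 are all addresses of FastEthernet0/0.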