Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
7
Replies

Unable to ping my Own LAN IP

asifmohamamed
Level 1
Level 1

‎11-04-2015 04:43 AM - edited ‎03-05-2019 02:40 AM

Unable to ping my direclty connected client (LAN IP) from my router.

Router Configuration as below

Building configuration...

Current configuration : 7288 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BHUB-BR
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4RJ0$/OIFUg7vKpv3QRlm1PEv7/
enable password 7 14141B180F0B
!
username HiPer password 7 095C4F1A0A1218000F
username VPNROUTER password 7 11011C091B1D
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
isdn switch-type basic-net3
!
!
!
!
interface Loopback0
 description >>> Loopback ip address for Tunnel <<<
 ip address 172.22.198.1 255.255.255.252
!
interface Loopback1
 ip address 202.144.46.187 255.255.255.255
!
interface Tunnel0
 description *** Tunnel G & B Mumbai ***
 ip unnumbered Loopback1
 ip accounting output-packets
 ip mtu 1360
 tunnel source 202.144.46.187
 tunnel destination 210.210.89.100
!
interface FastEthernet0/0
 description *** Sify Connection ***
 ip address 202.144.46.182 255.255.255.252
 backup interface Dialer1
 speed auto
 half-duplex
!
interface FastEthernet0/1
 description *** Internal LAN ****
 ip address 10.182.1.21 255.255.240.0
 ip access-group vcontrol in
 ip route-cache flow
 no ip mroute-cache
 load-interval 30
 duplex auto
 speed auto
!

!

!
ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel0
ip route 10.172.0.0 255.255.240.0 Tunnel0
ip route 10.182.1.23 255.255.255.255 Null0
ip route 10.182.1.70 255.255.255.255 Null0
ip route 10.182.1.77 255.255.255.255 Null0
ip route 10.182.1.101 255.255.255.255 Null0
ip route 10.182.1.113 255.255.255.255 Null0
ip route 10.182.14.103 255.255.255.255 Null0
ip route 10.182.14.117 255.255.255.255 Null0
ip route 172.16.0.0 255.240.0.0 172.22.195.13
ip route 172.16.0.0 255.240.0.0 172.22.195.1 210
ip route 202.144.0.0 255.255.0.0 202.144.46.181
ip route 202.144.0.0 255.255.0.0 Dialer1 200
ip route 202.144.46.44 255.255.255.255 Dialer1
ip route 202.177.0.0 255.255.0.0 202.144.46.181
ip route 202.177.0.0 255.255.0.0 Dialer1 200
ip route 210.18.0.0 255.255.0.0 202.144.46.181
ip route 210.18.0.0 255.255.0.0 Dialer1 200
ip route 210.18.0.110 255.255.255.255 Dialer1
ip route 210.210.0.0 255.255.0.0 202.144.46.181
ip route 210.210.0.0 255.255.0.0 Dialer1 200
ip route 210.214.0.0 255.255.0.0 202.144.46.181
ip route 210.214.0.0 255.255.0.0 Dialer1 200
ip route 221.134.0.0 255.255.0.0 202.144.46.181
ip route 221.134.0.0 255.255.0.0 Dialer1 200
ip http server
!
ip access-list extended vcontrol
 permit tcp host 10.182.1.2 host 10.10.1.77 eq smtp
 permit tcp 10.182.14.0 0.0.0.127 host 10.10.1.199 eq smtp
 permit tcp 10.182.14.0 0.0.0.127 host 10.10.9.146 eq smtp
 permit tcp 10.182.14.0 0.0.0.127 host 10.10.1.199 eq pop3
 permit tcp 10.182.14.0 0.0.0.127 host 10.10.9.146 eq pop3
 permit tcp any host 10.10.1.2 eq pop3
 permit tcp any host 10.10.1.1 eq pop3
 deny   tcp any any eq smtp
 deny   tcp any any eq pop3
 permit ip host 10.182.1.2 any
 permit ip host 10.182.1.3 any
 permit ip host 10.182.14.60 any
 permit ip 10.182.1.0 0.0.0.255 10.10.0.0 0.0.15.255
 permit ip 10.182.1.0 0.0.0.255 10.10.16.0 0.0.0.127
 permit ip 10.182.14.0 0.0.0.127 10.10.0.0 0.0.15.255
 permit ip 10.182.14.0 0.0.0.127 10.10.16.0 0.0.0.127
 permit ip any host 10.172.14.60
 permit ip any host 10.172.12.50
 deny   ip any any
!
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server enable traps tty

!

------------------------------------

Ping response from router

BHUB-BR#ping 10.182.1.111

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.182.1.111, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Thanks in Advance

Labels:
0 Helpful
7 Replies 7

Richard Burts
Hall of Fame
Hall of Fame

‎11-04-2015 05:08 AM

You have applied access list vccontrol inbound on the interface. There is no entry in that access list that permits the ping response. So the ping response is being denied by your access list.

HTH

Rick

HTH

Rick
0 Helpful

asifmohamamed
Level 1
Level 1
In response to Richard Burts

‎11-04-2015 05:16 AM

I have tried permit icmp any any..... rule

still i m unable to ping

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to asifmohamamed

‎11-04-2015 05:20 AM

When you added the permit icmp any any did it go above the deny ip any any or did it go below (which is the default behavior)?

HTH

Rick

HTH

Rick
0 Helpful

asifmohamamed
Level 1
Level 1
In response to Richard Burts

‎11-04-2015 07:36 PM

Thanks...

Above deny ip any any....rule

0 Helpful

Masoud Pourshabanian
VIP Alumni
VIP Alumni
In response to asifmohamamed

‎11-04-2015 08:12 PM

Hello,

Is firewal off on the client? Were you able to ping your router from that client after you applied "permit ICMP any any"?

0 Helpful

WalterNL
Level 1
Level 1
In response to Masoud Pourshabanian

‎11-05-2015 12:07 PM

Does it work with a "permit ip any any" statement? if no? check you PC instead.

and post a show ip route output

and a traceroute output

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to asifmohamamed

‎11-05-2015 05:55 AM

Thank you for the clarification. Would you post the output of show access-list, then do the ping, and immediately after the ping attempt post the output of show arp (or perhaps show ip arp depending on platform).

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card