Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
730
Views
3
Helpful
18
Replies

WAN Int Ping issue

Najib Akbari
Level 1
Level 1

‎03-26-2025 12:27 PM - edited ‎03-26-2025 12:34 PM

Stupid issue struggling to figure out!!!

I have an ISR and working fine, just wanted to enable ping to the WAN Link from outside and I feel bad Im not able to do it. there is no config on the Interface seems blocking it so what should I check???!!!!

NajibAkbari_0-1743017196899.png

 

Labels:
0 Helpful
18 Replies 18

balaji.bandi
Hall of Fame
Hall of Fame

‎03-26-2025 12:42 PM - edited ‎03-26-2025 12:43 PM

As per the information provided, should that be working - we may need more information as below  

is this Public routable IP address ?

where are you trying to ping from ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Najib Akbari
Level 1
Level 1
In response to balaji.bandi

‎03-26-2025 01:14 PM

Yes it is a routable Public IP, all outgoing traffic are working, but if I ping or SSH to the public IP of the WAN interface from anywhere ( somewhere not inside the router, any traffic initiate from outside thru ISP to the WAN int) then no luck.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Najib Akbari

‎03-27-2025 01:20 AM

Not sure if the ISP is blocking it. Initiate some debugging and try to ping from outside to see if you can view the connection in your router's debug logs.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

srimal99
Level 1
Level 1

‎03-27-2025 01:43 AM

By the sound of it, looks like ISP blocking or discarding ICMP . You can verify with ISP to ensure any security measures in place.

0 Helpful

Najib Akbari
Level 1
Level 1

‎03-27-2025 11:57 AM - edited ‎03-27-2025 04:13 PM

for ICMP debug to see if the traffic coming to the router:
I picked this router ( no ping) and another router ( ping works ) and run a -t ping to each one's WAN public IP and I see no logs indicating ICMP traffic:

1)

access-list 101 permit icmp any any

debug ip packet details 101

apparently since CEF is enabled and ICMP echo only processed via router CPU then unable to see the logs for it? so i run the second option and no luck either:

 

2)

access-list 101 permit icmp any any

debug ip cef packet gigabitEthernet 0/0/0 input 101 rate 0

no output either. and of course i ran term mon on both routers and see other logs

I can conract the ISP but first i need to make sure the traffic is not coming to the router

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Najib Akbari

‎03-28-2025 12:59 AM

Another quick option, if you get a chance, is to use the same IP address on your Laptop and see if you can ping it. If you suspect the Router, try this.

I do not see any issue with the Router at all based on the information.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Najib Akbari
Level 1
Level 1
In response to balaji.bandi

‎03-28-2025 02:06 PM

I will see if I can do that.

0 Helpful

Najib Akbari
Level 1
Level 1
In response to Najib Akbari

‎03-28-2025 02:07 PM

why Im not seeing ICMP incoming traffic on any router with debug even on a router that ping works? what am I missing on the debug command?

MHM Cisco World
VIP
VIP
In response to Najib Akbari

‎03-31-2025 05:17 AM

Are this issue solve or not?

MHM

0 Helpful

Najib Akbari
Level 1
Level 1
In response to MHM Cisco World

‎04-02-2025 06:29 PM

still there

0 Helpful

Jan Rolny
Level 3
Level 3

‎04-03-2025 03:26 AM

Hi Najib,

if standard "debug ip icmp" does not work you can try to run Embeded Packet Capture(EPC).

This works pretty well. It depends on IOS version you are running but here is example:

monitor capture CAP interface gigabitEthernet 0/0/0 both
monitor capture CAP match ipv4 protocol 1 any any   <<<< Here protocol 1 means ICMP.

monitor capture CAP start   <<<< once you start capture initiate ping from outside and wait until ping finished
monitor capture CAP stop   <<<< after ping is done stop capture

show monitor capture CAP buffer brief  <<<< here it will display what was captured

monitor capture CAP export flash:ICMP.cap   <<<< if you like you can export capture where you need. Local flash or remote ftp.

Hope this helps.

Jan

0 Helpful

Najib Akbari
Level 1
Level 1
In response to Jan Rolny

‎04-03-2025 10:19 AM

Thanks Jan!

i ran monitor capture on a pinngable router and this router. there output on the pingable router but this router has no output when run "sh monitor cap cap buffer brief". does this means the ICMP traffic got blocked on ISP site or it has anything to do with the router?

0 Helpful

Najib Akbari
Level 1
Level 1

‎04-03-2025 12:50 PM - edited ‎04-03-2025 12:50 PM

I managed to get someone connect the link to his laptop, assigned the same IP and disabled firewall and still not pingable, then it means ISP or an intermediary device there filtering ICMP

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Najib Akbari

‎04-04-2025 02:29 AM

Sure have you got chance to talk to ISP, rather we going circle for simple issue.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card