cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1330
Views
0
Helpful
4
Replies

Can ping a destination, but not connect to applications on it

macgyver0099_1
Level 1
Level 1

Hi,

 

We are having trouble with our Italy office.  Specifically, we can ping a remote server here in Pittsburgh, but they cannot connect to VoIP resources on it.  The VoIP vendor, ShoreTel has verified their equipment is running ok and the Italy office doesn't have any trouble connecting our Germany or New Jersey offices.  All of our offices connect through VPN tunnels.  We verified with Cisco that the tunnels are set up correctly and we can see traffic and return traffic exiting them (presumably ruling out the routing as well). 

 

The suspicion we now have is that there may be a problem with the switching.  The switches in Italy are new: the user switch is a WS-C2960L-48PS-LL with IOS c2960l-universalk9-mz.152-6.E/c2960l-universalk9-mz.152-6.E.bin.  The ports are configured for a data and voice vlan.  Both layer 3 vlans are present on this switch.  This switch is also where the ShoreTel equipment is located.  The switch is connected to a WS-C3850-24T-S switch stack with IOS flash:packages.conf - CAT3K_CAA-UNIVERSALK9 - IPBASE (that is directly connected to the firewall, which, in turn, is connected to the provider router).  It has a layer 3 vlan for data. 

 

Both switches can also ping the remote end, and the user switch can do so sourcing from both vlans.  The stack is using the Advanced (high scale) SDM Prefer template, while the user switch is using the default template.  Neither has  the "ip routing" statement explicitly enabled.

Therefore, my question is that assuming this is a switching problem, what could be the problem?

4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni
Hi
Are you going through the firewall , are RDP services enabled and other services to allow you and not just ICMP for ping allowed , switches dont block traffic unless you have explicitly enabled it through ACLs etc and if you have end to end connectivity sounds as if its an FW issue as the switches are allowing you connect through ICMP

IPBASE is fine for intervlan routing , i would still enable ip routing , but it may already be , run this command , sh run all | i routing
it could be hidden by default in running config , only the 3850 should require it as the other switch is acting l2 only user access

Thanks a lot guys.  I ended up having this problem at two locations.  The solution ended up being that  we had to enable ip routing on the connected switch in the one  case and point the edge devices to reference the switch svi as the gateway (as opposed to the firewall) in the other.

Great, good lucky.
Jaderson Pessoa
*** Rate All Helpful Responses ***

marce1000
VIP
VIP

 

 - In such elaborate networking environments including vpn's it is highly unlikely that a switching problem is the root cause; google on voip network test ; where you will find some useful testers and or  links to troubleshooting tests for voip.

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
Review Cisco Networking for a $25 gift card