Thanks for your fast reply.

The pcs are connected to the switchs, and are getting ip address through DHCP server that is also a pc connected to that switchs.

The switch doesn't have configuration, is a trendet that have just one vlan, you cannot configure it.

When I had the switch directly connected to the firewall it works fine.

But now I need to create a vpn so I put the Cisco (wan port) connected to the switch (I think that I not explain very well at the beginning, the cisco is not between both devices).

The fastethernet ports (0 to 3) are used in a different network, worknig fine (vlan 7)

ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ1451C4GH
!
!
!
!
!
interface FastEthernet0
switchport access vlan 7
!
interface FastEthernet1
switchport access vlan 7
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 10.12.5.1 255.255.255.0
ip helper-address 10.12.2.1
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan7
ip address 10.12.7.1 255.255.255.0
!
ip default-gateway 10.12.5.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip default-network 10.12.5.0
ip route 10.12.5.0 255.255.255.0 FastEthernet4
!
!
!
control-plane
!
!
scheduler max-task-time 5000
end

All the pcs are in the same segment, at this case we can forget the firewall, the problem is

that from cisco I cannot ping the pcs that are in the same switch than the cisco wan port.

There are any problem of connect a wan port to a switch?

Everything seems fine with the port:

Cisco# sh interfaces fastEthernet 4
FastEthernet4 is up, line protocol is up
  Hardware is PQII_PRO_UEC, address is e05f.b915.801a (bia e05f.b915.801a)
  Internet address is 10.12.5.1/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:10, output 00:00:10, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     379 packets input, 40545 bytes
     Received 162 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     198 packets output, 36538 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Friends,

I found the solution, it was something very weird, it was the first time that I found this problem.

In my troubleshooting procedure, I try to configure the loopback on that interface and...

***************************************************************************************************************************************

Cisco(config-if)#loopback
Loopback is a traffic-affecting operation
Cisco(config-if)#no loopback
Cisco(config-if)#exit
Cisco(config)#do ping
*Jan 25 14:07:30.675: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
*Jan 25 14:07:31.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
Cisco(config)#do ping 10.12.5.25

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.12.5.25, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Cisco(config)#
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
Cisco(config)#do ping 10.12.5.25

***************************************************************************************************************************************

Very very strange...

Thanks for your help

Hi,

Why did you want to use the loopback feature on the interface?

You wanted to use a loopback interface, I suppose which is not the same

loopback (interface)


To diagnose equipment malfunctions between the interface and device, use the loopback command in interface configuration mode. To disable the test, use the no form of this command.

taken from here http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfinter.html#wp1018171

Regards.

Alain.

I didn't want to use the loopback feature, it seems that the loopback feature was already active on that interface. But it's strange because the sh inter fast 4 don't shows loopback configured.

For lucky I remember to test the interface with the loopback, and when I did the "no loopback" command it works...