Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1255
Views
0
Helpful
7
Replies

Inconsistent ping/traceroute from DEFAULT_NETWORK to DMZ_IP

Go to solution
dbalagosa
Level 1
Level 1

‎05-16-2013 02:54 AM - edited ‎03-07-2019 01:22 PM

Let me define my networks first

DEFAULT_NETWORK: 192.168.100.0 /255.255.255.0

DMZ_NETWORK: 192.168.20.0 /255.255.255.0

DEFAULT_IP: 192.168.100.254 /255.255.255.255

DMZ_IP: 192.168.20.254 /255.255.255.255

I only have one PC behind the DMZ network, it has the IP of 192.168.20.200. When I ping from this PC to the DMZ GW, it works fine.

So the problem is shown in the attached screenshot1.jpg. First I did a traceroute to the DMZ GW, it worked. Second time I did a traceroute to the DMZ GW, my trace got lost somewhere in the internet.

In screenshot2.jpg, I did a ping test to the PC behind the DMZ. As you can see a timeout at first, then the succeeding pings went through. I am guessing the first ping got lost in the internet.

Can someone explain this behavior?

Labels:
Preview file
79 KB
Preview file
92 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
SHAWN EFTINK
Level 5
Level 5
In response to dbalagosa

‎05-17-2013 10:28 AM

If you feel any of the answers were the correct answer, you can mark it as the correct answer and that will "close out" the discussion. Otherwise you can just leave it and it will cycle off the list eventually.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
SHAWN EFTINK
Level 5
Level 5

‎05-16-2013 03:33 AM

Initial question. In your list of IPs you show the default IPs having host subnet masks of 255.255.255.255. Do you have it configured that way on the device or are they actually configured as 255.255.255.0?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
0 Helpful

Go to solution
dbalagosa
Level 1
Level 1
In response to SHAWN EFTINK

‎05-16-2013 07:36 PM

It is configured as actual on the device.

DEFAULT_IP: 192.168.100.254 /255.255.255.255

DMZ_IP: 192.168.20.254 /255.255.255.255

I used the ISA500 wizard for creating the DMZ. These values are system-generated and I did not edit them.

I will post a screenshots later on.      

0 Helpful

Go to solution
SHAWN EFTINK
Level 5
Level 5
In response to dbalagosa

‎05-16-2013 08:07 PM

Maybe it won't help and maybe there's some kind of logic to the wizard setting it up that way, or maybe it was a bug because I've never seen an instance of configuring the interfaces that way. You can always change them back but would you mind changing those masks to a /24 of 255.255.255.0, test again and see if it improves or not?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
0 Helpful

Go to solution
dbalagosa
Level 1
Level 1
In response to SHAWN EFTINK

‎05-16-2013 10:07 PM

I solved it. This was caused by my WiFi being turned on. The 192.168.254.0 /24 network belong to my WiFi network. I turned it off and did the tests again, no problems encountered.

Anyway, here is a screenshot of my Address Objects. Just for you to see that the default of the DMZ_IP has a 255.255.255.255 subnet.

Screen1.jpg

0 Helpful

Go to solution
SHAWN EFTINK
Level 5
Level 5
In response to dbalagosa

‎05-17-2013 03:38 AM

I thrilled to hear you figured it out. I also really appreciate you attaching that final screenshot. I feel much better now. I thought you were referencing the IP Address configuration on the interfaces/VLANs themselves. I didn't realize you we're referring to Address Management. You probably mentioned it and I overlooked it. As those are just network objects used to tie IPs to names and groups, all of that is correct. Congrats on resolving it. Sorry I couldn't be of more assistance.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
0 Helpful

Go to solution
dbalagosa
Level 1
Level 1
In response to SHAWN EFTINK

‎05-17-2013 10:04 AM

Yes I mentioned it. Nevertheless, this is solved and you can close this one now.

0 Helpful

Go to solution
SHAWN EFTINK
Level 5
Level 5
In response to dbalagosa

‎05-17-2013 10:28 AM

If you feel any of the answers were the correct answer, you can mark it as the correct answer and that will "close out" the discussion. Otherwise you can just leave it and it will cycle off the list eventually.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card