Solved: Re: Inconsistent ping/traceroute from DEFAULT_NETWORK to DMZ_IP

dbalagosa · ‎05-16-2013

Let me define my networks first

DEFAULT_NETWORK: 192.168.100.0 /255.255.255.0

DMZ_NETWORK: 192.168.20.0 /255.255.255.0

DEFAULT_IP: 192.168.100.254 /255.255.255.255

DMZ_IP: 192.168.20.254 /255.255.255.255

I only have one PC behind the DMZ network, it has the IP of 192.168.20.200. When I ping from this PC to the DMZ GW, it works fine.

So the problem is shown in the attached screenshot1.jpg. First I did a traceroute to the DMZ GW, it worked. Second time I did a traceroute to the DMZ GW, my trace got lost somewhere in the internet.

In screenshot2.jpg, I did a ping test to the PC behind the DMZ. As you can see a timeout at first, then the succeeding pings went through. I am guessing the first ping got lost in the internet.

Can someone explain this behavior?

SHAWN EFTINK · ‎05-17-2013

If you feel any of the answers were the correct answer, you can mark it as the correct answer and that will "close out" the discussion. Otherwise you can just leave it and it will cycle off the list eventually.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

View solution in original post

SHAWN EFTINK · ‎05-16-2013

Initial question. In your list of IPs you show the default IPs having host subnet masks of 255.255.255.255. Do you have it configured that way on the device or are they actually configured as 255.255.255.0?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

dbalagosa · ‎05-16-2013

It is configured as actual on the device.

DEFAULT_IP: 192.168.100.254 /255.255.255.255

DMZ_IP: 192.168.20.254 /255.255.255.255

I used the ISA500 wizard for creating the DMZ. These values are system-generated and I did not edit them.

I will post a screenshots later on.

SHAWN EFTINK · ‎05-16-2013

Maybe it won't help and maybe there's some kind of logic to the wizard setting it up that way, or maybe it was a bug because I've never seen an instance of configuring the interfaces that way. You can always change them back but would you mind changing those masks to a /24 of 255.255.255.0, test again and see if it improves or not?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

dbalagosa · ‎05-16-2013

I solved it. This was caused by my WiFi being turned on. The 192.168.254.0 /24 network belong to my WiFi network. I turned it off and did the tests again, no problems encountered.

Anyway, here is a screenshot of my Address Objects. Just for you to see that the default of the DMZ_IP has a 255.255.255.255 subnet.

Screen1.jpg

SHAWN EFTINK · ‎05-17-2013

I thrilled to hear you figured it out. I also really appreciate you attaching that final screenshot. I feel much better now. I thought you were referencing the IP Address configuration on the interfaces/VLANs themselves. I didn't realize you we're referring to Address Management. You probably mentioned it and I overlooked it. As those are just network objects used to tie IPs to names and groups, all of that is correct. Congrats on resolving it. Sorry I couldn't be of more assistance.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

dbalagosa · ‎05-17-2013

Yes I mentioned it. Nevertheless, this is solved and you can close this one now.

SHAWN EFTINK · ‎05-17-2013

If you feel any of the answers were the correct answer, you can mark it as the correct answer and that will "close out" the discussion. Otherwise you can just leave it and it will cycle off the list eventually.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.