Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1358
Views
0
Helpful
6
Replies

ping request failure.

dipak3254176
Level 1
Level 1

‎06-26-2012 10:40 AM - last edited on ‎03-25-2019 04:20 PM by Community Manager

i have a branch located in one of the regional location. To connect my branch with my company network. i have taken mpls line from our service provider.

In my branch office i have installed a layer 3 switch. Since we want to segregate my lan. we have created a vlan in l3 switch named vlan 10. i am facing a problem to connect my vlan host to company network.

Switch configuration is below.

vlan 10 ip 172.16.10.1 255.255.254.0

Default route 0.0.0.0 0.0.0.0 192.168.9.1

port Fa0/1 ip 192.168.0.250/24- connecting to 192.168.9.1/24(ISP Router)

Host in vlan 10 ip 172.16.10.10 255.255.254.0

From switch i can able to ping company network host (172.16.0.11).

The ping request from 172.16.10.10 is failed to get response from 172.16.0.1

My firewall is NETASQ

On firewall we can see a log like icmp block to address 192.168.9.1.

Since ping request is generated by my host computer(172.16.10.10) and reply is going to 192.168.9.1(which is MPLS line from ISP). we cannot able to get ping response and firewall block the reply to be send

In  NETASQ firewall there in no such option to apply IPS as filter base policy.

Attaching network Diagram for the same

Kindly Suggest.

Your response is highly appreciated.

Labels:
Preview file
18 KB
0 Helpful
6 Replies 6

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-26-2012 10:51 AM

Hello Dipak,

>> port Fa0/1 ip 192.168.0.250/24- connecting to 192.168.9.1/24(ISP Router)

they are not in the same IP subnet routing is broken, port fas0/1 should have ip address 192.168.9.250/24

Hope to help

Giuseppe

0 Helpful

dipak3254176
Level 1
Level 1
In response to Giuseppe Larosa

‎06-26-2012 11:22 AM

Sorry for creating confusion

port Fa0/1 ip 192.168.9.250/24- connecting to 192.168.9.1/24(ISP Router)

0 Helpful

Nandan Mathure
Level 1
Level 1
In response to dipak3254176

‎06-26-2012 12:06 PM

which routes do you see on L3 switch that you have on Branch Office?

"show ip route "

0 Helpful

dipak3254176
Level 1
Level 1
In response to Nandan Mathure

‎06-26-2012 09:59 PM

C    192.168.9.0/24 is directly connected, FastEthernet0/47

C    172.16.10.0/23 is directly connected, Vlan 10

S*   0.0.0.0/0 [1/0] via 192.168.9.1

0 Helpful

Nandan Mathure
Level 1
Level 1
In response to dipak3254176

‎06-26-2012 11:31 PM

Ok. thats good as per what you said earlier. I just wanted to make it sure. So SP is using static routing for VRF.

On the firewall have you allowed the subnet 172.16.10.0/23 from outside to communitcate to inside? And Are you able to ping from 172.16.0.11 to 172.16.10.10 ??

Thanks,

Nandan Mathure

0 Helpful

dipak3254176
Level 1
Level 1
In response to Nandan Mathure

‎06-27-2012 12:28 AM

yes i have already allowed 172.16.10.0/23 on firewall. i cannot able to ping 172.16.10.10 and 172.16.10.1 from 172.16.0.11

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card