Solved: Unable to ping 1 internet site from edge router able to ping fro - Page 2

mahesh18 · ‎01-19-2013

Hi Everyone,

From My Router that connects to Cable modem i am unable to ping website 4.2.2.2

I am able to ping all other websites fines.

Same website i can ping from my pc and all other switches fine.

Router has only 1 ACL thats for NAT.

Need to know what elase i can check on router?

Thanks

Mahesh

mahesh18 · ‎01-20-2013

Hi Abzal,

here is info

2691Router#traceroute 4.2.2.2

Type escape sequence to abort.

Tracing the route to 4.2.2.2

1 * * *

2 * * *

3 * * *

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

sh ip route shows

2691Router# sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 70.75.72.1 to network 0.0.0.0

200.200.200.0/32 is subnetted, 1 subnets

D 200.200.200.200 [90/297372416] via 13.13.13.3, 07:12:19, Tunnel0

201.201.201.0/32 is subnetted, 1 subnets

D 201.201.201.201 [90/297372416] via 13.13.13.3, 07:12:19, Tunnel0

2.0.0.0/24 is subnetted, 1 subnets

C 2.2.2.0 is directly connected, Loopback2

100.0.0.0/32 is subnetted, 1 subnets

C 100.100.100.100 is directly connected, Loopback7

70.0.0.0/22 is subnetted, 1 subnets

C 70.75.72.0 is directly connected, FastEthernet0/0

3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 3.3.3.0/24 is directly connected, Loopback3

O 3.4.4.4/32 [110/2] via 192.168.5.2, 07:13:32, FastEthernet0/1

O 192.168.30.0/24 [110/2] via 192.168.5.2, 07:13:32, FastEthernet0/1

101.0.0.0/32 is subnetted, 1 subnets

C 101.101.101.101 is directly connected, Loopback8

64.0.0.0/32 is subnetted, 1 subnets

S 64.59.135.150 [254/0] via 70.75.72.1, FastEthernet0/0

4.0.0.0/24 is subnetted, 1 subnets

C 4.4.4.0 is directly connected, Loopback4

20.0.0.0/32 is subnetted, 1 subnets

O 20.0.0.1 [110/3] via 192.168.5.2, 07:13:32, FastEthernet0/1

O 192.168.10.0/24 [110/2] via 192.168.6.2, 07:13:32, FastEthernet1/0

[110/2] via 192.168.5.2, 07:13:32, FastEthernet0/1

172.31.0.0/24 is subnetted, 4 subnets

S 172.31.3.0 is directly connected, Null0

S 172.31.2.0 is directly connected, Null0

S 172.31.1.0 is directly connected, Null0

S 172.31.0.0 is directly connected, Null0

O 192.168.98.0/24 [110/3] via 192.168.5.2, 07:13:32, FastEthernet0/1

192.168.4.0/31 is subnetted, 1 subnets

O 192.168.4.2 [110/2] via 192.168.5.2, 07:13:32, FastEthernet0/1

O 192.168.99.0/24 [110/2] via 192.168.5.2, 07:13:32, FastEthernet0/1

O 192.168.20.0/24 [110/2] via 192.168.6.2, 07:13:32, FastEthernet1/0

[110/2] via 192.168.5.2, 07:13:32, FastEthernet0/1

192.168.5.0/31 is subnetted, 1 subnets

C 192.168.5.2 is directly connected, FastEthernet0/1

10.0.0.0/32 is subnetted, 1 subnets

C 10.0.0.1 is directly connected, Loopback6

192.168.6.0/31 is subnetted, 1 subnets

C 192.168.6.2 is directly connected, FastEthernet1/0

13.0.0.0/24 is subnetted, 1 subnets

C 13.13.13.0 is directly connected, Tunnel0

S* 0.0.0.0/0 [254/0] via 70.x.x.x

thanks

mahesh

rabiullah · ‎01-20-2013

Can you try two things?

1) change your default route to ip route 0.0.0.0 0.0.0.0 FastEthernet1/0

if you still can't ping it then try

2) local plicy routing

ip access-list extended LOCAL_TRAFFIC_ACL

permit ip host *YOUR ROUTER's IP" host 4.2.2.2

route-map LOCAL_TRAFFIC_RMAP permit 10

match ip address LOCAL_TRAFFIC_ACL

set ip next-hop *YOUR DG FOR WAN*

ip local policy route-map LOCAL_TRAFFIC_RMAP

let me know if this works

mahesh18 · ‎01-20-2013

Hi,

I changed default route to fa0/0 which has connection to ISP after doing that no internet was working from any PC.

and when i did sh ip route on router

2691Router#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

For local policy routing which router IP i should use the IP address of int connected to ISP?

Thanks

MAhesh

mahesh18 · ‎01-20-2013

Hi,

I used Routers Fa0/0 interface IP here is result

2691Router(config)#ip access-list extended LOCAL_TRAFFIC_ACL

2691Router(config-ext-nacl)#permit ip host 70.x.x.x host 4.2.2.2

2691Router(config-ext-nacl)#

2691Router(config-ext-nacl)#route-map LOCAL_TRAFFIC_RMAP permit 10

2691Router(config-route-map)#match ip address LOCAL_TRAFFIC_ACL

2691Router(config-route-map)#set ip next-hop 70.x.x.x

2691Router(config-route-map)#

2691Router(config-route-map)#ip local policy route-map LOCAL_TRAFFIC_RMAP

2691Router(config)#exit

2691Router#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Still did not work.

Thanks

Mahesh

Abzal · ‎01-20-2013

Hi,

remove policy-map and try to debug while pingiing

debug ip packet

ping 4.2.2.2

ping 4.2.2.2 source f0/0

u all

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

mahesh18 · ‎01-20-2013

Hi Abzal,

debug ip paclet gives lot of output and no line has IP if 4.2.2.2.

2691Router# ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

2691Router#ping 4.2.2.2 so

2691Router#ping 4.2.2.2 source fa0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 70.x.x.x

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/48/52 ms

Let me know what should i look for in debug ip packet?

Thanks

Mahesh

rabiullah · ‎01-21-2013

When you explicitly specify the source it works but without it doesn't. Will have to see what source address doesn it pick up when you do ping 4.2.2.2.

define an ACL and do a dehug.

access-list 140 permit icmp any host 4.2.2.2

debug ip packet 140

look for the source when you try to ping and the path it takes to forward the traffic

mahesh18 · ‎01-21-2013

Hi,

I did as per your post

2691Router(config-if)#ip access-group 140 out

2691Router(config-if)#end

2691Router#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

2691Router#ter

2691Router#terminal moni

2691Router#terminal monitor

2691Router#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

Jan 21 08:01:16.769 MST: IP: tableid=0, s=4.4.4.4 (local), d=4.2.2.2 (FastEthern et0/0), routed via FIB

Jan 21 08:01:16.769 MST: IP: s=4.4.4.4 (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending.

Jan 21 08:01:18.770 MST: IP: tableid=0, s=4.4.4.4 (local), d=4.2.2.2 (FastEthern et0/0), routed via FIB

Jan 21 08:01:18.770 MST: IP: s=4.4.4.4 (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending.

Jan 21 08:01:20.770 MST: IP: tableid=0, s=4.4.4.4 (local), d=4.2.2.2 (FastEthern et0/0), routed via FIB

Jan 21 08:01:20.770 MST: IP: s=4.4.4.4 (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending.

Jan 21 08:01:22.770 MST: IP: tableid=0, s=4.4.4.4 (local), d=4.2.2.2 (FastEthern et0/0), routed via FIB

Jan 21 08:01:22.770 MST: IP: s=4.4.4.4 (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending.

Jan 21 08:01:24.770 MST: IP: tableid=0, s=4.4.4.4 (local), d=4.2.2.2 (FastEthern et0/0), routed via FIB

Jan 21 08:01:24.770 MST: IP: s=4.4.4.4 (local), d=4.2.2.2 (FastEthernet0/0), len

i applied ACL to wan int on outside direction but after doing this i was unable to browse internet but was able to ping the

web sites.

thanks

mahesh

Abzal · ‎01-21-2013

Hi,

Now it's clear what was the problem because your router used as source interface Lo4 with IP 4.4.4.4. And of course this doesn't belongs to you machine with 4.2.2.2 received your pings and then routed that packet to actual 4.4.4.4 machine on the Internet and of course it's not your router .

Also you need to remove this ACL under interface it was just for debugging purpose.

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

rabiullah · ‎01-21-2013

Hi,

That ACL was just for debuggin, you shouldn't be applying it to any interface.

Your loopback 2,3 &4 have IP addresses that are public and shouldn't be assigned to your router if they don't belong to you (unless you are working in test lab and not haing internet connection out.

As per logs, 4.4.4.4 is used somewhere else on internet and hence you don't get a response. Change those IPs to local schema if you are using those IPs without any specific reasons.

let me know if you need any further assistance.

PS: Don't forget to rate helpful answers

mahesh18 · ‎01-21-2013

Hi Rabiullah and Abzal,

Many thanks for helping me out to resolve this issue.

this issue was from long time and i was not understanding why this is happening for 1 site only?

I will fix the loopback ip scheme.

You guys keep on coming up with new things to try out and finally we got the reason for ping failing.

Best regards

Mahesh

Unable to ping 1 internet site from edge router able to ping from other devices