Solved: Unable to ping 1 internet site from edge router able to ping from other devices

mahesh18 · ‎01-19-2013

Hi Everyone,

From My Router that connects to Cable modem i am unable to ping website 4.2.2.2

I am able to ping all other websites fines.

Same website i can ping from my pc and all other switches fine.

Router has only 1 ACL thats for NAT.

Need to know what elase i can check on router?

Thanks

Mahesh

rabiullah · ‎01-21-2013

When you explicitly specify the source it works but without it doesn't. Will have to see what source address doesn it pick up when you do ping 4.2.2.2.

define an ACL and do a dehug.

access-list 140 permit icmp any host 4.2.2.2

debug ip packet 140

look for the source when you try to ping and the path it takes to forward the traffic

View solution in original post

Abzal · ‎01-21-2013

Hi,

Now it's clear what was the problem because your router used as source interface Lo4 with IP 4.4.4.4. And of course this doesn't belongs to you machine with 4.2.2.2 received your pings and then routed that packet to actual 4.4.4.4 machine on the Internet and of course it's not your router .

Also you need to remove this ACL under interface it was just for debugging purpose.

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

View solution in original post

rabiullah · ‎01-21-2013

Hi,

That ACL was just for debuggin, you shouldn't be applying it to any interface.

Your loopback 2,3 &4 have IP addresses that are public and shouldn't be assigned to your router if they don't belong to you (unless you are working in test lab and not haing internet connection out.

As per logs, 4.4.4.4 is used somewhere else on internet and hence you don't get a response. Change those IPs to local schema if you are using those IPs without any specific reasons.

let me know if you need any further assistance.

PS: Don't forget to rate helpful answers

View solution in original post

Reza Sharifi · ‎01-19-2013

Hi Mahesh,

Some websites block ping. Can you access the site using HTTP? www..com

HTH

Reza

mahesh18 · ‎01-19-2013

Hi Reza,

I was to ping it before.

This website 4.2.2.2 does not block pings.

2691Router#ping www.b.resolvers.level3.net

Translating "www.b.resolvers.level3.net"

From PC

Microsoft Windows [Version 6.1.7601]

C:\Users\manveer>nslookup 4.2.2.2

Server: pd1nsc4.st.vc.shawcable.net

Address: 64.59.144.19

Name: b.resolvers.Level3.net

Address: 4.2.2.2

C:\Users\manveer>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:

Reply from 4.2.2.2: bytes=32 time=46ms TTL=51

Reply from 4.2.2.2: bytes=32 time=49ms TTL=51

Reply from 4.2.2.2: bytes=32 time=51ms TTL=51

Reply from 4.2.2.2: bytes=32 time=46ms TTL=51

Ping statistics for 4.2.2.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 51ms, Average = 48ms

C:\Users\manveer>

From Nei switch

3550SMIA# ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/48/52 ms

3550SMIA#

I can no tping it from router for some reason

thanks

mahesh

Abzal · ‎01-19-2013

HI,

You are trying to ping by DNS name it looks like domain lookup turned off. But what if you try by IP address 4.2.2.2?

ip domain-lookup

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800c525f.shtml

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

mahesh18 · ‎01-19-2013

Hi Abza,

Here is update

2691Router(config)#exit

2691Router#ping www.b.resolvers.level3.net

Translating "www.b.resolvers.level3.net"...domain server (64.59.144.18) (64.59.1

35.145) (64.59.128.114)

Translating "www.b.resolvers.level3.net"...domain server (64.59.144.18) (64.59.1

35.145) (64.59.128.114)

Translating "www.b.resolvers.level3.net"...domain server (64.59.144.18) (64.59.1

35.145) (64.59.128.114)

Translating "www.b.resolvers.level3.net"...domain server (64.59.144.18) (64.59.1

35.145) (64.59.128.114)

% Unrecognized host or address, or protocol not running.

2691Router#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rat

Thanks

Mahesh

Reza Sharifi · ‎01-19-2013

Hi Mahesh,

So, you can ping from the router using ip 4.2.2.2 but not using DNS name?

If yes, have you configred DNS on the router?

ip name-server x.x.x.x

ip domain-lookup

HTH

Reza

mahesh18 · ‎01-19-2013

Hi Reza,

2691Router#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rat

There is no DNS on router

Thanks

MAhesh

Reza Sharifi · ‎01-19-2013

Hi Mahesh,

Can you post sh run?

Thanks,

Reza

mahesh18 · ‎01-19-2013

!

2691Router#sh run

2691Router#sh running-config

Building configuration...

Current configuration : 9488 bytes

!

! Last configuration change at 11:58:43 MST Sat Jan 19 2013

! NVRAM config last updated at 19:50:43 MST Thu Jan 17 2013

!

version 12.4

service nagle

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service internal

!

hostname 2691Router

!

boot-start-marker

boot-end-marker

!

no logging exception

logging count

logging buffered 4096 informational

no logging console

!

no aaa new-model

clock timezone MST -7

clock summer-time MST recurring

no network-clock-participate slot 1

no ip icmp rate-limit unreachable

ip cef

!

ip host 3550SMIA 192.168.5.2

ip host 3550SMIB 192.168.10.2

ip host 2950T 192.168.10.5

ip host 2650XM 192.168.4.3

ip name-server 64.59.144.18

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

login on-failure log

login on-success log

!

ipv6 unicast-routing

!

archive

log config

hidekeys

path slot0:/configs/$h

write-memory

time-period 1440

!

ip tcp synwait-time 5

ip ssh port 2009 rotary 1

!

buffers tune automatic

!

interface Loopback2

description IBGP neighbour to Router 3550B

ip address 2.2.2.2 255.255.255.0

!

interface Loopback3

description IBGP neighbour to Router R4

ip address 3.3.3.3 255.255.255.0

!

interface Loopback4

ip address 4.4.4.4 255.255.255.0

!

interface Loopback6

description Tunnel0 Source IP

ip address 10.0.0.1 255.255.255.255

!

interface Loopback7

description LAN SEGMENT OF 2691

ip address 100.100.100.100 255.255.255.255

!

interface Loopback8

description LAN SEGMENT OF 2691

ip address 101.101.101.101 255.255.255.255

!

interface Loopback33

description IPV6 OSPF LAB

no ip address

ipv6 address FEC0:4::4/64

ipv6 enable

ipv6 ospf 110 area 100

!

interface Loopback133

description IPV6 OSPF LAB

no ip address

ipv6 address FEC0:1::1/64

ipv6 enable

ipv6 ospf 100 area 101

!

interface Tunnel0

description description GRE EIGRP TUNNEL TO R3

ip address 13.13.13.1 255.255.255.0

keepalive 10 3

cdp enable

tunnel source 192.168.5.3

tunnel destination 192.168.4.3

tunnel path-mtu-discovery

!

interface FastEthernet0/0

description WAN Connection to ISP modem

ip address dhcp

no ip redirects

no ip unreachables

ip accounting output-packets

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0

description Serial connection to 2650 on interface se/0/0

ip address 192.168.1.1 255.255.255.0

encapsulation frame-relay

ip ospf network point-to-multipoint

no keepalive

!

interface FastEthernet0/1

description Lan Connection to 3550A Switch

ip address 192.168.5.3 255.255.255.254

ip flow ingress

ip nat inside

ip virtual-reassembly

ip ospf hello-interval 40

ip ospf priority 10

duplex auto

speed auto

!

interface FastEthernet1/0

description Lan Connection to 3550B Switch

ip address 192.168.6.3 255.255.255.254

ip flow ingress

ip nat inside

ip virtual-reassembly

ip ospf authentication

ip ospf authentication-key 7 05080F1C2243

ip ospf hello-interval 40

ip ospf priority 10

duplex auto

speed auto

!

interface Serial1/0

description Serial connection to 2650 on interface se0/1

ip address 192.168.2.1 255.255.255.0

no keepalive

serial restart-delay 0

!

interface FastEthernet1/1

description Backup Connection to 3550B Switch interface fa0/24

ip address 192.168.7.1 255.255.255.0

ip nat inside

ip virtual-reassembly

shutdown

duplex auto

speed auto

glbp 30 ip 192.168.7.3

glbp 30 preempt delay minimum 120

!

interface Serial1/1

ip address 192.168.9.3 255.255.255.0

encapsulation frame-relay

ip ospf network point-to-multipoint non-broadcast

no keepalive

serial restart-delay 0

frame-relay map ip 192.168.9.2 104 broadcast

!

router eigrp 100

redistribute connected

passive-interface Loopback7

passive-interface Loopback8

network 13.13.13.1 0.0.0.0

network 100.100.100.100 0.0.0.0

network 101.101.101.101 0.0.0.0

no auto-summary

!

router ospf 1

router-id 4.4.4.4

log-adjacency-changes

redistribute static metric 300 subnets

passive-interface Serial0/0

passive-interface Serial1/1

network 3.3.3.3 0.0.0.0 area 0

network 4.4.4.4 0.0.0.0 area 0

network 10.0.0.1 0.0.0.0 area 0

network 192.168.1.0 0.0.0.255 area 0

network 192.168.2.0 0.0.0.255 area 0

network 192.168.5.0 0.0.0.255 area 0

network 192.168.6.0 0.0.0.255 area 0

default-information originate

!

router bgp 6500

no synchronization

bgp log-neighbor-changes

neighbor 6.6.6.6 remote-as 6500

neighbor 6.6.6.6 password 7 020B05551D030A33

neighbor 6.6.6.6 update-source Loopback3

neighbor 100.100.100.100 remote-as 7500

neighbor 100.100.100.100 shutdown

neighbor 100.100.100.100 update-source Loopback2

no auto-summary

!

no ip classless

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 70.75.72.1

ip route 11.11.11.11 255.255.255.255 6.6.6.6

ip route 172.31.0.0 255.255.255.0 Null0

ip route 172.31.1.0 255.255.255.0 Null0

ip route 172.31.2.0 255.255.255.0 Null0

ip route 172.31.3.0 255.255.255.0 Null0

!

ip flow-export version 5

!

ip http server

ip http port 1025

ip http authentication local

no ip http secure-server

ip nat translation timeout 3600

ip nat inside source list 101 interface FastEthernet0/0 overload

!

logging trap debugging

logging 192.168.20.9

access-list 101 permit ip 192.168.0.0 0.0.255.255 any

snmp-server community supersecret RO

snmp-server community public RO

snmp-server trap-source FastEthernet0/1

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps ds1

snmp-server enable traps tty

snmp-server enable traps eigrp

snmp-server enable traps xgcp

snmp-server enable traps flash insertion removal

snmp-server enable traps ds3

snmp-server enable traps envmon

snmp-server enable traps icsudsu

snmp-server enable traps isdn call-information

snmp-server enable traps isdn layer2

snmp-server enable traps isdn chan-not-avail

snmp-server enable traps isdn ietf

snmp-server enable traps ds0-busyout

snmp-server enable traps ds1-loopback

snmp-server enable traps atm subif

snmp-server enable traps bgp

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps cnpd

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps dial

snmp-server enable traps dsp card-status

snmp-server enable traps entity

snmp-server enable traps event-manager

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps hsrp

snmp-server enable traps ipmobile

snmp-server enable traps ipmulticast

snmp-server enable traps mpls ldp

snmp-server enable traps mpls traffic-eng

snmp-server enable traps mpls vpn

snmp-server enable traps msdp

snmp-server enable traps mvpn

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-messa

ge

snmp-server enable traps pppoe

snmp-server enable traps cpu threshold

snmp-server enable traps rsvp

snmp-server enable traps rtr

snmp-server enable traps syslog

snmp-server enable traps l2tun session

snmp-server enable traps vsimaster

snmp-server enable traps vtp

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps voice poor-qov

snmp-server enable traps voice fallback

snmp-server enable traps dnis

snmp-server host 192.168.20.9 version 2c supersecret

ipv6 router ospf 110

log-adjacency-changes

!

ipv6 router ospf 100

log-adjacency-changes

!

control-plane

!

banner motd ^CC

##########################################################

DO NOT LOG ON

##########################################################

^C

alias exec traffic sh ip nbar protocol-discovery stats bit-rate top-n 10

alias exec proc show proc cpu | ex 0.00%__0.00%__0.00%

privilege exec level 5 show running-config

privilege exec level 5 show

!

line con 0

exec-timeout 3000 0

logging synchronous

line aux 0

exec-timeout 0 1

login

modem InOut

no exec

transport output none

flowcontrol hardware

line vty 0 4

exec-timeout 600 0

logging synchronous

login local

rotary 1

length 500

transport input telnet ssh

escape-character 3

line vty 5 15

exec-timeout 600 0

logging synchronous

login local

rotary 1

transport input telnet ssh

!

ntp logging

ntp clock-period 17180580

ntp server 91.103.24.10

!

end

2691Router#$

Hi Reza,

Please see config above.

also i have ip dns server config on the router.

Thanks

mahesh

Reza Sharifi · ‎01-19-2013

Hi Mahesh,

The config looks good.

Can you try

clear ip arp 4.2.2.2

and also

clear arp-cache

And then ping 4.2.2.2

HTH

Reza

mahesh18 · ‎01-19-2013

Hi Reza,

Tried still no luck.

Thanks

MAhesh

Reza Sharifi · ‎01-19-2013

Hi Mahesh,

Ok, couple more things

Can you shut the tunnel interface and try again?

and last thing

Can you reboot the router and try again?

HTH

Reza

mahesh18 · ‎01-19-2013

Hi Reza,

Rebooted the router.

Removed and added ACL shut down the tunnel int still same thing.

Do not know what else i can try

thanks

mahesh

mahesh18 · ‎01-19-2013

Hi Reza,

Here is more update

when i ping from Edge router that connects to ISP on int fa0/0

here is info

2691Router#ping ip 4.2.2.2 source fastEthernet 0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 70.x.x.x

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 48/52/56 ms

2691Router#

Jan 19 23:53:56.374 MST: ICMP: echo reply rcvd, src 4.2.2.2, dst 70.x.x..x

Jan 19 23:53:56.526 MST: ICMP: echo reply rcvd, src 4.2.2.2, dst 70.

Jan 19 23:53:56.578 MST: ICMP: echo reply rcvd, src 4.2.2.2, dst 70.

2691Router#

where IP 70.x.x.x is of fa0/0 interface of router that connects to isp

when i ping like this

2691Router#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

2691Router#

Thanks

Mahesh

Abzal · ‎01-20-2013

Hi,

Show output of edge router

sh ip route

traceroute 4.2.2.2

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal