Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1457
Views
0
Helpful
4
Replies

What could cause a ping to fail on my 4331 ISR?

hayesa
Level 1
Level 1

‎08-16-2017 09:50 AM - edited ‎03-08-2019 11:46 AM

Hello All,

I'm looking for a solution. I have a 4331 ISR that is currently in production and working fine. Though I have some very specific pings that fail and I'm trying to figure out why as it is making it difficult to troubleshoot other things. I've attached a simple Net Diagram below to help me think through this and to make it easy to see my situation.

The problem:
Router @ Branch 1 cannot ping to any address in HQ.

Considerations:
Branch 1 can ping anywhere on its local LAN and even within the MPLS to other Branches.
Everyone can ping Branch 1, whether from HQ, LAN, or neighboring branch.

I have checked access-lists and ruled that out. I'm fairly sure that the routes are fine (I'm using BGP across the MPLS and EIGRP for my LAN). Like I said, Branch 1 is operation and is communicating with HQ, receiving updates and actively contacting a number of servers. Not sure where to go from here.

Any ideas would be greatly appreciated!

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎08-16-2017 09:57 AM

When you ping from the router it will use the source IP of it's WAN interface. 

Can you ping this from HQ ?

Jon

0 Helpful

hayesa
Level 1
Level 1
In response to Jon Marshall

‎08-16-2017 10:05 AM

No I can't, not from HQ. Nor can I ping that WAN interface's gateway.

Though I can ping these addresses from other branches connected to our MPLS.

So these IPs are controlled by my ISP. Could this be an issue on their end?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to hayesa

‎08-16-2017 10:11 AM

So there is no route for that IP or subnet ?

If so is there an interface on the router you do have a route for at HQ ?

If there can you ping that IP. 

Jon

0 Helpful

hayesa
Level 1
Level 1
In response to Jon Marshall

‎08-16-2017 11:27 AM

Your questions got me on the right path.

There were two problems. A routing issue on our HQ Core Switch where traffic being sent to the public address interface of Branch 1 was being redirected with a static route.

The second problem rested with our HQ MPLS router. There was an Access-List that hadn't been updated to allow traffic from Branch 1 public address.

I'm not 100% certain how any traffic was passing between the two locations to begin with, though. There is only this one active interface with that configured public address.

Either way, thank you for the help!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card