08-09-2013 04:51 AM
Hi All,
I have an issue which I think/hope is an easy one, but I cannot see it. Hopefully I am missing something obvious:
A device (music player: 10.1.47.251) in a remote site is not responding to ping from our head office.
The device responds OK from the router and from within the remote LAN.
If I try to ping from the local router to the device and set the source as Dialer0 (internet), the ping fails.
If I try to ping the device from head office, it fails.
If I try to ping 10.1.47.250 (a PC in the same remote LAN connected to the same switch) from head office, it responds OK.
I have connected the music device directly to the router and to the switch, but the behaviour is the same no matter which device it is connected to.
Head office lan 192.168.100/24
remote site lan 10.1.47.0/24
head office peer 88.88.88.88 (not actual)
remote site peer 99.99.99.57 (not actual)
router config with certain info redacted with ??????? and changed
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ???????????
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10000
!
no aaa new-model
!
!
dot11 syslog
ip source-route
ip dhcp excluded-address 10.1.47.1 10.1.47.10
ip dhcp excluded-address 10.1.47.50 10.1.47.254
!
ip dhcp pool Music
network 10.1.47.0 255.255.255.0
default-router 10.1.47.254
dns-server 192.168.101.100
!
!
ip cef
no ip domain lookup
ip domain name ?????????????
!
!
!
!
username raadmin privilege 15 password 7 ???????????????????
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key ?????? address 88.88.88.88
crypto isakmp key ?????? address ??????????
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map ????????? ipsec-isakmp
description Head Office VPN
set peer 88.88.88.88 (not actual ip)
set transform-set ESP-3DES-MD5
match address 102
crypto map ?????? ipsec-isakmp
description ??????
set peer ???????
set transform-set ESP-3DES-MD5
match address 103
!
archive
log config
hidekeys
!
!
ip tftp source-interface Vlan1
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.1.47.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
description ADSL line number: ??????????
ip address 99.99.99.57 255.255.255.248 (not actual ip)
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname ??????????????????
ppp chap password 7 ???????????????????
crypto map ??????????????????
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip nat inside source route-map Natted interface Dialer0 overload
!
logging history critical
access-list 100 remark Dialer0 Access List
access-list 100 permit tcp any host ?????????? established
access-list 100 permit tcp host ??????????? host 99.99.99.57 eq 22
access-list 100 permit tcp host ??????? host 99.99.99.57 eq 22
access-list 100 permit icmp host ????? host 99.99.99.57
access-list 100 permit icmp host ??????? host 99.99.99.57
access-list 100 permit udp host ????????? host 99.99.99.57 eq isakmp
access-list 100 permit esp host ???????? host 99.99.99.57
access-list 100 permit icmp host 88.88.88.88 host 99.99.99.57
access-list 100 permit tcp host 88.88.88.88 host 99.99.99.57 eq 22
access-list 100 permit udp host 88.88.88.88 host 99.99.99.57 eq isakmp
access-list 100 permit esp host 88.88.88.88 host 99.99.99.57
access-list 100 deny icmp any any timestamp-reply
access-list 100 deny icmp any any timestamp-request
access-list 100 deny ip any any log
access-list 101 deny ip any host ?????????????
access-list 101 deny ip any host ???????????
access-list 101 deny ip 10.1.47.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 deny ip 10.1.47.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 permit ip any host ???????????
access-list 101 permit ip any host ?????????????????
access-list 101 permit ip any host ?????????????
access-list 101 permit ip any host ???????????????
access-list 101 permit ip any host ???????????????
access-list 101 permit ip any host ???????????????
access-list 101 permit ip any host ?????????????????
access-list 101 permit ip any host ??????????????
access-list 101 permit ip any host ??????????????
access-list 101 permit ip any host ????????????????
access-list 101 permit ip any any
access-list 101 deny ip any any
access-list 102 permit ip 10.1.47.0 0.0.0.255 192.168.96.0 0.0.31.255
access-list 102 permit ip 10.1.47.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 103 permit ip 10.1.47.0 0.0.0.255 192.168.51.48 0.0.0.15
dialer-list 1 protocol ip permit
!
!
!
route-map Natted permit 1
match ip address 101
!
snmp-server community ???????????????? RO
!
control-plane
!
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
login local
transport input ssh
!
scheduler max-task-time 5000
end
08-09-2013 04:18 PM
access-list 103 permit ip 10.1.47.0 0.0.0.255 192.168.51.48 0.0.0.15
It's your VPN ACL.
You have not permitted your remote LAN subnet in that.
Jawad
08-12-2013 01:15 AM
Hi Jawad,
Thanks for your response. Unfortunately I do not think this is the issue.
Access-list 103 is an acl for a VPN to a third party support partner. It is not related to Head Office traffic.
Access-list 102 is the access list for the VPN from Head Office to remote site and is the acl of interest here.
Access-list 102 is configured correctly and this is borne out by the fact I can ping 10.1.47.250 (but not 251)
thanks again
Brendan
09-14-2013 12:52 PM
Music player's default gateway is not set properly.
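Added example, not part of the thread or any poster's code: a small Python model that checks the two hosts against ACL 102 as posted and reproduces the ping results from the first post for a host whose default gateway is unset. The head office host 192.168.100.10 (reading the head office LAN as 192.168.100.0/24) and all function names are assumptions made for the illustration.

```python
import ipaddress

ROUTER_LAN_IP = "10.1.47.254"        # Vlan1 address in the posted config
DIALER0_IP = "99.99.99.57"           # placeholder peer address used in the post
HEAD_OFFICE_HOST = "192.168.100.10"  # assumed host on the head office LAN

# ACL 102 (crypto map "match address 102") as posted: src, wildcard, dst, wildcard
ACL_102 = [
    ("10.1.47.0", "0.0.0.255", "192.168.96.0", "0.0.31.255"),
    ("10.1.47.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """True if any permit entry matches both source and destination."""
    return any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in acl)

def reply_delivered(host_if, gateway, ping_source):
    """True if the host can return an echo reply to ping_source."""
    network = ipaddress.ip_interface(host_if).network
    if ipaddress.ip_address(ping_source) in network:
        return True                    # on-link: resolved by ARP, no gateway used
    return gateway == ROUTER_LAN_IP    # off-link: only the router can forward it

def symptom_pattern(host_if, gateway):
    """Ping outcome per source used in the first post's tests."""
    sources = {"router Vlan1": ROUTER_LAN_IP,
               "router Dialer0": DIALER0_IP,
               "head office": HEAD_OFFICE_HOST}
    return {name: reply_delivered(host_if, gateway, ip)
            for name, ip in sources.items()}

if __name__ == "__main__":
    for host in ("10.1.47.250", "10.1.47.251"):
        print(host, "matches ACL 102:",
              acl_permits(ACL_102, host, HEAD_OFFICE_HOST))
    print("gateway unset:", symptom_pattern("10.1.47.251/24", None))
    print("gateway .254: ", symptom_pattern("10.1.47.251/24", ROUTER_LAN_IP))
```

Both hosts match ACL 102 identically, so the router-side VPN policy cannot explain why only .251 fails; the unset-gateway case yields the reported pattern (LAN-sourced ping works, Dialer0 and head office fail).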