Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > General Computer Discussion > Hardware > Cisco 1841 router - can't source ping inside to internet

Reply
Thread Tools

Cisco 1841 router - can't source ping inside to internet

 
 
yg1985 yg1985 is offline
Junior Member
Join Date: Jan 2009
Posts: 2
 
      01-27-2009
Hi all,

I just installed a 1841 router with an internet T1 as it's primary connection and a DSL for the backup. For some odd reason, I can't source ping fa0/1 (LAN interface) to any public IP addresses (4.2.2.2 for example). Now the users on that subnet are able to access the internet and ping any public IP addresses just fine. I really need to be able to source ping from the LAN interface for failover testing. Please advise.

------------------------------------------------

router# ping 4.2.2.2 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.60.254
.....
Success rate is 0 percent (0/5)


-------------------------------------------------

version 12.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 debugging
!
aaa new-model
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
no ip source-route
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.60.10 192.168.60.20
ip dhcp excluded-address 192.168.60.1
ip dhcp excluded-address 192.168.60.254
!
ip dhcp pool kitchen
network 192.168.60.0 255.255.255.0
dns-server x.x.x.x
default-router 192.168.60.254
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip sla monitor 1
type echo protocol ipIcmpEcho x.x.x.x source-interface Serial0/0/0
timeout 1000
threshold 2
frequency 15
ip sla monitor schedule 1 start-time now
vpdn enable
!
!
!
!

archive
log config
hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 65535
ip tcp synwait-time 10
ip tcp path-mtu-discovery
ip ssh time-out 60
!
track 100 rtr 1 reachability
!
!
crypto isakmp policy 11
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxxx address x.x.x.x no-xauth
!
!
crypto ipsec transform-set encryption esp-aes 256 esp-sha-hmac
!
crypto map colovpn 11 ipsec-isakmp
set peer x.x.x.x
set transform-set encryption
match address 101
!
!
!
interface FastEthernet0/0
description DSL WAN Interface
no ip address
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description LAN subnet
ip address 192.168.60.254 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0/0
description Internet T1
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
crypto map colovpn
!
interface Dialer0
description DSL WAN Dialer
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 7 xxxxxx
ppp pap sent-username xxxxxx password 7 xxxxxxx
ppp ipcp dns request
ppp ipcp address accept
crypto map colovpn
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 100
ip route 0.0.0.0 0.0.0.0 Dialer0 200
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 192.168.9.1 2055
!
no ip http server
no ip http secure-server
ip nat inside source list nat interface Serial0/0/0 overload
ip nat inside source list natDSL interface Dialer0 overload
!
ip access-list extended nat
deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
permit ip any any
ip access-list extended natDSL
deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
permit ip any any
!
logging history informational
logging facility syslog
logging source-interface FastEthernet0/1
logging 192.168.9.1
access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
access-list 101 deny ip any any

--------------------------------------------
router#sho ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/1 192.168.60.254 YES NVRAM up up
Serial0/0/0 x.x.x.x YES NVRAM up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Dialer0 x.x.x.x YES IPCP up up
 
Reply With Quote
 
 
 
 
Torrence Torrence is offline
Junior Member
Join Date: Mar 2010
Posts: 6
 
      03-09-2010
Quote:
Originally Posted by yg1985
Hi all,

I just installed a 1841 router with an internet T1 as it's primary connection and a DSL for the backup. For some odd reason, I can't source ping fa0/1 (LAN interface) to any public IP addresses (4.2.2.2 for example). Now the users on that subnet are able to access the internet and ping any public IP addresses just fine. I really need to be able to source ping from the LAN interface for failover testing. Please advise.

------------------------------------------------

router# ping 4.2.2.2 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.60.254
.....
Success rate is 0 percent (0/5)


-------------------------------------------------

version 12.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 debugging
!
aaa new-model
!
!
!
aaa session-id common
clock timezone PST -8
clock summer-time PDT recurring
no ip source-route
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.60.10 192.168.60.20
ip dhcp excluded-address 192.168.60.1
ip dhcp excluded-address 192.168.60.254
!
ip dhcp pool kitchen
network 192.168.60.0 255.255.255.0
dns-server x.x.x.x
default-router 192.168.60.254
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip sla monitor 1
type echo protocol ipIcmpEcho x.x.x.x source-interface Serial0/0/0
timeout 1000
threshold 2
frequency 15
ip sla monitor schedule 1 start-time now
vpdn enable
!
!
!
!

archive
log config
hidekeys
!
!
ip tcp selective-ack
ip tcp window-size 65535
ip tcp synwait-time 10
ip tcp path-mtu-discovery
ip ssh time-out 60
!
track 100 rtr 1 reachability
!
!
crypto isakmp policy 11
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxxx address x.x.x.x no-xauth
!
!
crypto ipsec transform-set encryption esp-aes 256 esp-sha-hmac
!
crypto map colovpn 11 ipsec-isakmp
set peer x.x.x.x
set transform-set encryption
match address 101
!
!
!
interface FastEthernet0/0
description DSL WAN Interface
no ip address
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description LAN subnet
ip address 192.168.60.254 255.255.255.0
no ip unreachables
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/0/0
description Internet T1
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache cef
no ip route-cache
no ip mroute-cache
crypto map colovpn
!
interface Dialer0
description DSL WAN Dialer
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 7 xxxxxx
ppp pap sent-username xxxxxx password 7 xxxxxxx
ppp ipcp dns request
ppp ipcp address accept
crypto map colovpn
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x track 100
ip route 0.0.0.0 0.0.0.0 Dialer0 200
ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 192.168.9.1 2055
!
no ip http server
no ip http secure-server
ip nat inside source list nat interface Serial0/0/0 overload
ip nat inside source list natDSL interface Dialer0 overload
!
ip access-list extended nat
deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
permit ip any any
ip access-list extended natDSL
deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
permit ip any any
!
logging history informational
logging facility syslog
logging source-interface FastEthernet0/1
logging 192.168.9.1
access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
access-list 101 deny ip any any

--------------------------------------------
router#sho ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/1 192.168.60.254 YES NVRAM up up
Serial0/0/0 x.x.x.x YES NVRAM up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
Dialer0 x.x.x.x YES IPCP up up
You denied the IP in one of your statements before you allowed the same port so it has already been denied and will not be allowed just because you wrote an allow statement below. You need to remove the deny statement that includes the IP address you intend to source ping with.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I can ping the router but router can't ping me superkingkong Cisco 2 04-17-2010 01:59 PM
Cisco 1841 router - can't source ping from inside to internet yg1985 Cisco 1 01-28-2009 09:57 AM
Simple Cisco 1841 router configuration has bad latency on one side. r123@pacbell.net Cisco 6 02-14-2007 11:51 AM
Simple Cisco 1841 router configuration has bad latency on one side. r123@pacbell.net Cisco 0 02-08-2007 11:32 PM
Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router war_wheelan@yahoo.com Cisco 1 12-14-2005 03:31 PM



Advertisments