cannot ping from subnet A to subnet B for a specific host

Discussion in 'Cisco' started by soup_or_power@yahoo.com, Aug 3, 2006.

  1. Guest

    Hi
    I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    gateway is 192.168.11.253

    Here is the router config


    Using 1165 out of 29688 bytes
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Corp-WAN
    !
    enable secret 5 $1$Hfy0$HVtYn6SGr01RgJHPW33ZG.
    enable password 7 025701431B030C355946061400
    !
    ip subnet-zero
    ip name-server 141.155.0.68
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 192.168.11.253 255.255.255.0
    no ip directed-broadcast
    ip nat inside
    !
    interface Serial0/0
    ip address 192.168.254.1 255.255.255.0
    no ip directed-broadcast
    shutdown
    !
    interface FastEthernet0/1
    ip address 192.168.5.2 255.255.255.0
    no ip directed-broadcast
    ip nat outside
    !
    ip nat inside source list 2 interface FastEthernet0/1 overload
    ip nat inside source static 192.168.11.63 192.168.5.63
    ip nat inside source static 192.168.11.13 192.168.5.13
    ip nat inside source static 192.168.11.61 192.168.5.61
    ip nat inside source static 192.168.11.58 192.168.5.58
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.5.1
    no ip http server
    !
    access-list 2 permit 192.168.11.0 0.0.0.255
    !
    line con 0
    password 7 0055161E145E08121A2943430C
    login
    transport input none
    line aux 0
    line vty 0 4
    password 7 0055161E145E08121A2943430C
    login
    !
    no scheduler allocate
    end


    I'd appreciate if you can kindly explain to me the router config.


    Thanks
     
    , Aug 3, 2006
    #1
    1. Advertising

  2. Guest

    This seems like a tough situation as I don't see any replies. BTW, the
    ip 192.168.5.1 belongs to a PIX firewall.
    wrote:
    > Hi
    > I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    > The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    > gateway is 192.168.11.253
    >
    > Here is the router config
    >
    >
    > Using 1165 out of 29688 bytes
    > !
    > version 12.0
    > service timestamps debug uptime
    > service timestamps log uptime
    > service password-encryption
    > !
    > hostname Corp-WAN
    > !
    > enable secret 5 $1$Hfy0$HVtYn6SGr01RgJHPW33ZG.
    > enable password 7 025701431B030C355946061400
    > !
    > ip subnet-zero
    > ip name-server 141.155.0.68
    > !
    > !
    > !
    > !
    > interface FastEthernet0/0
    > ip address 192.168.11.253 255.255.255.0
    > no ip directed-broadcast
    > ip nat inside
    > !
    > interface Serial0/0
    > ip address 192.168.254.1 255.255.255.0
    > no ip directed-broadcast
    > shutdown
    > !
    > interface FastEthernet0/1
    > ip address 192.168.5.2 255.255.255.0
    > no ip directed-broadcast
    > ip nat outside
    > !
    > ip nat inside source list 2 interface FastEthernet0/1 overload
    > ip nat inside source static 192.168.11.63 192.168.5.63
    > ip nat inside source static 192.168.11.13 192.168.5.13
    > ip nat inside source static 192.168.11.61 192.168.5.61
    > ip nat inside source static 192.168.11.58 192.168.5.58
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 192.168.5.1
    > no ip http server
    > !
    > access-list 2 permit 192.168.11.0 0.0.0.255
    > !
    > line con 0
    > password 7 0055161E145E08121A2943430C
    > login
    > transport input none
    > line aux 0
    > line vty 0 4
    > password 7 0055161E145E08121A2943430C
    > login
    > !
    > no scheduler allocate
    > end
    >
    >
    > I'd appreciate if you can kindly explain to me the router config.
    >
    >
    > Thanks
     
    , Aug 3, 2006
    #2
    1. Advertising

  3. AM Guest

    wrote:

    > Hi
    > I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    > The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    > gateway is 192.168.11.253
    >
    > Here is the router config


    >
    > I'd appreciate if you can kindly explain to me the router config.
    >



    From my point of view there is nothing strange...

    Alex.
     
    AM, Aug 3, 2006
    #3
  4. AM Guest

    wrote:

    > Hi
    > I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    > The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    > gateway is 192.168.11.253
    >
    > Here is the router config


    >
    > I'd appreciate if you can kindly explain to me the router config.
    >



    From my point of view there is nothing strange...
    Try to enable "deb ip nat" and see if the router do the NAT.
    Be aware that such a debugging might overload the router depending on how much traffic you have

    Alex.
     
    AM, Aug 3, 2006
    #4
  5. Guest

    AM wrote:
    > wrote:
    >
    > > Hi
    > > I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    > > The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    > > gateway is 192.168.11.253
    > >
    > > Here is the router config

    >
    > >
    > > I'd appreciate if you can kindly explain to me the router config.
    > >

    >
    >
    > From my point of view there is nothing strange...
    > Try to enable "deb ip nat" and see if the router do the NAT.
    > Be aware that such a debugging might overload the router depending on how much traffic you have
    >
    > Alex.


    Hi Alex
    How do I see the output of the command "deb ip nat"?

    Thanks
     
    , Aug 3, 2006
    #5
  6. AM Guest

    wrote:


    > Hi Alex
    > How do I see the output of the command "deb ip nat"?


    that enables the debugging of NAT translation. If you are connected to the router via telnet just type "term mon" and
    "term no mon" to disable it.

    Be prepared to a lot of garbage.

    Otherwise if you are in console the router should already display the translations.

    Alex.
     
    AM, Aug 3, 2006
    #6
  7. Guest

    AM wrote:
    > wrote:
    >
    >
    > > Hi Alex
    > > How do I see the output of the command "deb ip nat"?

    >
    > that enables the debugging of NAT translation. If you are connected to the router via telnet just type "term mon" and
    > "term no mon" to disable it.
    >
    > Be prepared to a lot of garbage.
    >
    > Otherwise if you are in console the router should already display the translations.
    >
    > Alex.


    I don't see any output.
     
    , Aug 3, 2006
    #7
  8. Guest

    Here is the network diagram
    Wave2WaveRouter
    |
    |
    Office firewall (192.168.5.1)
    |
    |
    office router
    |-------------------------------------------------------------------
    | |

    192.168.5.0 192.168.11.0
    192.168.5.10
    192.168.11.65
    192.168.5.149

    I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping
    192.168.5.149 from 192.168.11.65.
     
    , Aug 3, 2006
    #8
  9. Guest

    wrote:
    > Here is the network diagram
    > Wave2WaveRouter
    > |
    > |
    > Office firewall (192.168.5.1)
    > |
    > |
    > office router
    > |-------------------------------------------------------------------
    > | |
    >
    > 192.168.5.0 192.168.11.0
    > 192.168.5.10 192.168.11.65
    > 192.168.5.149
    >
    > I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping
    > 192.168.5.149 from 192.168.11.65.


    oops...the diagram didn't post as I typed. The host 192.168.11.65 was
    meant to be under 192.168.11.0

    Thanks
     
    , Aug 3, 2006
    #9
  10. Guest

    Cisco router dropping packets

    Here is the network diagram
    Wave2WaveRouter
    |
    |
    Office firewall (192.168.5.1)
    |
    |
    office router
    |-------------------------------------------------------------------
    | |

    192.168.5.0 192.168.11.0

    192.168.5.10
    192.168.11.65
    192.168.5.149


    I can ping 192.168.5.10 from 192.168.11.65 but not 192.168.5.149

    > Here is the router config
    >
    >
    > Using 1165 out of 29688 bytes
    > !
    > version 12.0
    > service timestamps debug uptime
    > service timestamps log uptime
    > service password-encryption
    > !
    > hostname Corp-WAN
    > !
    > enable secret 5 $1$Hfy0$HVtYn6SGr01RgJHPW33ZG.
    > enable password 7 025701431B030C355946061400
    > !
    > ip subnet-zero
    > ip name-server 141.155.0.68
    > !
    > !
    > !
    > !
    > interface FastEthernet0/0
    > ip address 192.168.11.253 255.255.255.0
    > no ip directed-broadcast
    > ip nat inside
    > !
    > interface Serial0/0
    > ip address 192.168.254.1 255.255.255.0
    > no ip directed-broadcast
    > shutdown
    > !
    > interface FastEthernet0/1
    > ip address 192.168.5.2 255.255.255.0
    > no ip directed-broadcast
    > ip nat outside
    > !
    > ip nat inside source list 2 interface FastEthernet0/1 overload
    > ip nat inside source static 192.168.11.63 192.168.5.63
    > ip nat inside source static 192.168.11.13 192.168.5.13
    > ip nat inside source static 192.168.11.61 192.168.5.61
    > ip nat inside source static 192.168.11.58 192.168.5.58
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 192.168.5.1
    > no ip http server
    > !
    > access-list 2 permit 192.168.11.0 0.0.0.255
    > !
    > line con 0
    > password 7 0055161E145E08121A2943430C
    > login
    > transport input none
    > line aux 0
    > line vty 0 4
    > password 7 0055161E145E08121A2943430C
    > login
    > !
    > no scheduler allocate
    > end
    >
    >
    > I'd appreciate if you can kindly explain to me the router config.
    >
    >
    > Thanks
     
    , Aug 4, 2006
    #10
  11. In article <>,
    wrote:

    > Hi
    > I cannot ping 192.168.5.149 from 192.168.11.65 and vice-versa.
    > The gateway for 192.168.5.149 is 192.168.5.1 and for 192.168.11.65 the
    > gateway is 192.168.11.253


    Wasn't there already another thread on this problem? Why did you start
    a new one instead of continuing that one?

    --
    Barry Margolin,
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
     
    Barry Margolin, Aug 4, 2006
    #11
  12. AM Guest

    wrote:

    >
    >
    > I don't see any output.


    Have you done a ping while monitoring?

    Alex.
     
    AM, Aug 4, 2006
    #12
  13. Grog Guest

    On 3 Aug 2006 14:09:15 -0700, wrote:

    >
    > wrote:
    >> Here is the network diagram
    >> Wave2WaveRouter
    >> |
    >> |
    >> Office firewall (192.168.5.1)
    >> |
    >> |
    >> office router
    >> |-------------------------------------------------------------------
    >> | |
    >>
    >> 192.168.5.0 192.168.11.0
    >> 192.168.5.10 192.168.11.65
    >> 192.168.5.149
    >>
    >> I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping
    >> 192.168.5.149 from 192.168.11.65.


    On your office router, do you have 192.168.5.x set up as a /24 network
    or do you break it out further?

    Do a sh ip ro 192.168.5.10 and a sh ip ro 192.168.5.149 and put
    the output from each back in a reply.

    Traceroute from 192.168.11.65 to the two 192.168.5.x IPs.

    The diagram makes it look like the firewall and the router are two
    different devices. Is that right?


    Grog
     
    Grog, Aug 4, 2006
    #13
  14. Guest

    Grog wrote:
    > On 3 Aug 2006 14:09:15 -0700, wrote:
    >
    > >
    > > wrote:
    > >> Here is the network diagram
    > >> Wave2WaveRouter
    > >> |
    > >> |
    > >> Office firewall (192.168.5.1)
    > >> |
    > >> |
    > >> office router
    > >> |-------------------------------------------------------------------
    > >> | |
    > >>
    > >> 192.168.5.0 192.168.11.0
    > >> 192.168.5.10 192.168.11.65
    > >> 192.168.5.149
    > >>
    > >> I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping
    > >> 192.168.5.149 from 192.168.11.65.

    >
    > On your office router, do you have 192.168.5.x set up as a /24 network
    > or do you break it out further?


    192.168.5.x is set up as a /24 network

    >
    > Do a sh ip ro 192.168.5.10 and a sh ip ro 192.168.5.149 and put
    > the output from each back in a reply.

    Corp-WAN>sh ip ro 192.168.5.10
    Routing entry for 192.168.5.0/24
    Known via "connected", distance 0, metric 0 (connected, via
    interface)
    Routing Descriptor Blocks:
    * directly connected, via FastEthernet0/1
    Route metric is 0, traffic share count is 1

    Corp-WAN>sh ip ro 192.168.5.149
    Routing entry for 192.168.5.0/24
    Known via "connected", distance 0, metric 0 (connected, via
    interface)
    Routing Descriptor Blocks:
    * directly connected, via FastEthernet0/1
    Route metric is 0, traffic share count is 1



    > Traceroute from 192.168.11.65 to the two 192.168.5.x IPs.


    Traceroute from 192.168.11.65 to 192.168.5.149
    Primary DNS: 192.168.5.10
    Failed to resolve Hop#1 [DNS Servers Reports Query Name Error]
    Time out!
    Failed to resolve Hop#50[DNS Server Reports Query Name Error]
    Timeout!

    Traceroute from 192.168.11.65 to 192.168.5.10
    Primary DNS: 192.168.5.10
    Failed to resolve Hop#1 [DNS Servers Reports Query Name Error]
    Failed to resolve Hop#50[DNS Server Reports Query Name Error]
    Finished Trace for 192.168.5.10

    BTW, I'm using Trellian Traceroute program.


    >
    > The diagram makes it look like the firewall and the router are two
    > different devices. Is that right?


    Yes. The outside ip of the firewall is 209.178.198.242 and the inside
    ip is 192.168.5.1


    >
    >
    > Grog


    Thanks
     
    , Aug 4, 2006
    #14
  15. Guest

    AM wrote:
    > wrote:
    >
    > >
    > >
    > > I don't see any output.

    >
    > Have you done a ping while monitoring?
    >
    > Alex.


    Yes!
     
    , Aug 4, 2006
    #15
  16. Guest

    wrote:
    > Grog wrote:
    > > On 3 Aug 2006 14:09:15 -0700, wrote:
    > >
    > > >
    > > > wrote:
    > > >> Here is the network diagram
    > > >> Wave2WaveRouter
    > > >> |
    > > >> |
    > > >> Office firewall (192.168.5.1)
    > > >> |
    > > >> |
    > > >> office router
    > > >> |-------------------------------------------------------------------
    > > >> | |
    > > >>
    > > >> 192.168.5.0 192.168.11.0
    > > >> 192.168.5.10 192.168.11.65
    > > >> 192.168.5.149
    > > >>
    > > >> I can ping 192.168.5.10 from 192.168.11.65. But I cannot ping
    > > >> 192.168.5.149 from 192.168.11.65.

    > >
    > > On your office router, do you have 192.168.5.x set up as a /24 network
    > > or do you break it out further?

    >
    > 192.168.5.x is set up as a /24 network
    >
    > >
    > > Do a sh ip ro 192.168.5.10 and a sh ip ro 192.168.5.149 and put
    > > the output from each back in a reply.

    > Corp-WAN>sh ip ro 192.168.5.10
    > Routing entry for 192.168.5.0/24
    > Known via "connected", distance 0, metric 0 (connected, via
    > interface)
    > Routing Descriptor Blocks:
    > * directly connected, via FastEthernet0/1
    > Route metric is 0, traffic share count is 1
    >
    > Corp-WAN>sh ip ro 192.168.5.149
    > Routing entry for 192.168.5.0/24
    > Known via "connected", distance 0, metric 0 (connected, via
    > interface)
    > Routing Descriptor Blocks:
    > * directly connected, via FastEthernet0/1
    > Route metric is 0, traffic share count is 1
    >
    >
    >
    > > Traceroute from 192.168.11.65 to the two 192.168.5.x IPs.

    >
    > Traceroute from 192.168.11.65 to 192.168.5.149
    > Primary DNS: 192.168.5.10
    > Failed to resolve Hop#1 [DNS Servers Reports Query Name Error]
    > Time out!
    > Failed to resolve Hop#50[DNS Server Reports Query Name Error]
    > Timeout!
    >
    > Traceroute from 192.168.11.65 to 192.168.5.10
    > Primary DNS: 192.168.5.10
    > Failed to resolve Hop#1 [DNS Servers Reports Query Name Error]
    > Failed to resolve Hop#50[DNS Server Reports Query Name Error]
    > Finished Trace for 192.168.5.10
    >
    > BTW, I'm using Trellian Traceroute program.
    >
    >
    > >
    > > The diagram makes it look like the firewall and the router are two
    > > different devices. Is that right?

    >
    > Yes. The outside ip of the firewall is 209.178.198.242 and the inside
    > ip is 192.168.5.1
    >
    >
    > >
    > >
    > > Grog

    >
    > Thanks


    Regarding traceroute for 192.168.5.149 this is how it looks in the main
    window of Trellian software
    192.168.11.253
    0.0.0.0

    Traceroute for 192.168.5.10 looks like
    192.168.11.253
    192.168.5.10

    I guess the traceroute for 192.168.5.149 has failed

    Regards
     
    , Aug 4, 2006
    #16
  17. Guest

    Re: Cisco router dropping packets

    wrote:
    > Here is the network diagram
    > Wave2WaveRouter
    > |
    > |
    > Office firewall (192.168.5.1)
    > |
    > |
    > office router
    > |-------------------------------------------------------------------
    > | |
    >
    > 192.168.5.0 192.168.11.0
    >
    > 192.168.5.10
    > 192.168.11.65
    > 192.168.5.149
    >
    >
    > I can ping 192.168.5.10 from 192.168.11.65 but not 192.168.5.149
    >
    > > Here is the router config
    > >
    > >
    > > Using 1165 out of 29688 bytes
    > > !
    > > version 12.0
    > > service timestamps debug uptime
    > > service timestamps log uptime
    > > service password-encryption
    > > !
    > > hostname Corp-WAN
    > > !
    > > enable secret 5 $1$Hfy0$HVtYn6SGr01RgJHPW33ZG.
    > > enable password 7 025701431B030C355946061400
    > > !
    > > ip subnet-zero
    > > ip name-server 141.155.0.68
    > > !
    > > !
    > > !
    > > !
    > > interface FastEthernet0/0
    > > ip address 192.168.11.253 255.255.255.0
    > > no ip directed-broadcast
    > > ip nat inside
    > > !
    > > interface Serial0/0
    > > ip address 192.168.254.1 255.255.255.0
    > > no ip directed-broadcast
    > > shutdown
    > > !
    > > interface FastEthernet0/1
    > > ip address 192.168.5.2 255.255.255.0
    > > no ip directed-broadcast
    > > ip nat outside
    > > !
    > > ip nat inside source list 2 interface FastEthernet0/1 overload
    > > ip nat inside source static 192.168.11.63 192.168.5.63
    > > ip nat inside source static 192.168.11.13 192.168.5.13
    > > ip nat inside source static 192.168.11.61 192.168.5.61
    > > ip nat inside source static 192.168.11.58 192.168.5.58
    > > ip classless
    > > ip route 0.0.0.0 0.0.0.0 192.168.5.1
    > > no ip http server
    > > !
    > > access-list 2 permit 192.168.11.0 0.0.0.255
    > > !
    > > line con 0
    > > password 7 0055161E145E08121A2943430C
    > > login
    > > transport input none
    > > line aux 0
    > > line vty 0 4
    > > password 7 0055161E145E08121A2943430C
    > > login
    > > !
    > > no scheduler allocate
    > > end
    > >
    > >
    > > I'd appreciate if you can kindly explain to me the router config.
    > >
    > >
    > > Thanks



    I set the gateway on 192.168.5.149 to 192.168.5.2 (router's
    FastEthernet interface) and everything worked fine!

    Many thanks for your help.
     
    , Aug 4, 2006
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mimiseh
    Replies:
    3
    Views:
    925
  2. RLM
    Replies:
    6
    Views:
    2,451
  3. Replies:
    2
    Views:
    449
  4. Replies:
    0
    Views:
    335
  5. Giuen
    Replies:
    0
    Views:
    1,010
    Giuen
    Sep 12, 2008
Loading...

Share This Page