Cisco 1841 router - can't source ping from inside to internet

Discussion in 'Cisco' started by yg1985, Jan 27, 2009.

  1. yg1985

    yg1985

    Joined:
    Jan 27, 2009
    Messages:
    2
    Hi all,

    I just installed a 1841 router with an internet T1 as it's primary connection and a DSL for the backup. For some odd reason, I can't source ping fa0/1 (LAN interface) to any public IP addresses (4.2.2.2 for example). Now the users on that subnet are able to access the internet and ping any public IP addresses just fine. I really need to be able to source ping from the LAN interface for failover testing. Please advise.

    ------------------------------------------------

    router# ping 4.2.2.2 source fastEthernet 0/1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
    Packet sent with a source address of 192.168.60.254
    .....
    Success rate is 0 percent (0/5)


    -------------------------------------------------

    version 12.4
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    !
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 32000 debugging
    !
    aaa new-model
    !
    !
    !
    aaa session-id common
    clock timezone PST -8
    clock summer-time PDT recurring
    no ip source-route
    ip cef
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.60.10 192.168.60.20
    ip dhcp excluded-address 192.168.60.1
    ip dhcp excluded-address 192.168.60.254
    !
    ip dhcp pool kitchen
    network 192.168.60.0 255.255.255.0
    dns-server x.x.x.x
    default-router 192.168.60.254
    !
    !
    ip flow-cache timeout active 1
    no ip domain lookup
    ip sla monitor 1
    type echo protocol ipIcmpEcho x.x.x.x source-interface Serial0/0/0
    timeout 1000
    threshold 2
    frequency 15
    ip sla monitor schedule 1 start-time now
    vpdn enable
    !
    !
    !
    !

    archive
    log config
    hidekeys
    !
    !
    ip tcp selective-ack
    ip tcp window-size 65535
    ip tcp synwait-time 10
    ip tcp path-mtu-discovery
    ip ssh time-out 60
    !
    track 100 rtr 1 reachability
    !
    !
    crypto isakmp policy 11
    encr aes 256
    authentication pre-share
    group 5
    crypto isakmp key xxxxx address x.x.x.x no-xauth
    !
    !
    crypto ipsec transform-set encryption esp-aes 256 esp-sha-hmac
    !
    crypto map colovpn 11 ipsec-isakmp
    set peer x.x.x.x
    set transform-set encryption
    match address 101
    !
    !
    !
    interface FastEthernet0/0
    description DSL WAN Interface
    no ip address
    ip virtual-reassembly
    no ip mroute-cache
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface FastEthernet0/1
    description LAN subnet
    ip address 192.168.60.254 255.255.255.0
    no ip unreachables
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    description Internet T1
    ip address x.x.x.x 255.255.255.252
    no ip redirects
    no ip unreachables
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    crypto map colovpn
    !
    interface Dialer0
    description DSL WAN Dialer
    ip address negotiated
    no ip unreachables
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname xxxxx
    ppp chap password 7 xxxxxx
    ppp pap sent-username xxxxxx password 7 xxxxxxx
    ppp ipcp dns request
    ppp ipcp address accept
    crypto map colovpn
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 x.x.x.x (serial 0/0/0 gateway) track 100
    ip route 0.0.0.0 0.0.0.0 Dialer0 200
    ip flow-export source FastEthernet0/1
    ip flow-export version 5
    ip flow-export destination 192.168.9.1 2055
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list nat interface Serial0/0/0 overload
    ip nat inside source list natDSL interface Dialer0 overload
    !
    ip access-list extended nat
    deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
    deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
    permit ip any any
    ip access-list extended natDSL
    deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
    deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
    permit ip any any
    !
    logging history informational
    logging facility syslog
    logging source-interface FastEthernet0/1
    logging 192.168.9.1
    access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
    access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
    access-list 101 deny ip any any

    --------------------------------------------
    router#sho ip int br
    Interface IP-Address OK? Method Status Protocol
    FastEthernet0/0 unassigned YES NVRAM up up
    FastEthernet0/1 192.168.60.254 YES NVRAM up up
    Serial0/0/0 x.x.x.x YES NVRAM up up
    NVI0 unassigned NO unset up up
    Virtual-Access1 unassigned YES unset up up
    Virtual-Access2 unassigned YES unset up up
    Dialer0 x.x.x.x YES IPCP up up
     
    yg1985, Jan 27, 2009
    #1
    1. Advertising

  2. yg1985

    Maymclean

    Joined:
    Jan 28, 2009
    Messages:
    3
    RE : Cisco 1841 router - can't source ping from inside to internet

    Hi, Its nice post and thank you very much for sharing this information.
     
    Maymclean, Jan 28, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?V0pQQw==?=

    Can not ping myself, but can ping others

    =?Utf-8?B?V0pQQw==?=, Dec 25, 2004, in forum: Wireless Networking
    Replies:
    6
    Views:
    6,020
    Chuck
    Dec 26, 2004
  2. Jim Willsher
    Replies:
    23
    Views:
    15,095
    kjems
    Apr 23, 2008
  3. yg1985
    Replies:
    1
    Views:
    6,124
    Torrence
    Mar 9, 2010
  4. superkingkong
    Replies:
    2
    Views:
    1,882
    superkingkong
    Apr 17, 2010
  5. verve13
    Replies:
    0
    Views:
    824
    verve13
    Sep 7, 2012
Loading...

Share This Page