Cisco 1841 router - can't source ping inside to internet

Discussion in 'Hardware' started by yg1985, Jan 27, 2009.

  1. yg1985

    yg1985

    Joined:
    Jan 27, 2009
    Messages:
    2
    Hi all,

    I just installed a 1841 router with an internet T1 as it's primary connection and a DSL for the backup. For some odd reason, I can't source ping fa0/1 (LAN interface) to any public IP addresses (4.2.2.2 for example). Now the users on that subnet are able to access the internet and ping any public IP addresses just fine. I really need to be able to source ping from the LAN interface for failover testing. Please advise.

    ------------------------------------------------

    router# ping 4.2.2.2 source fastEthernet 0/1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
    Packet sent with a source address of 192.168.60.254
    .....
    Success rate is 0 percent (0/5)


    -------------------------------------------------

    version 12.4
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    !
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 32000 debugging
    !
    aaa new-model
    !
    !
    !
    aaa session-id common
    clock timezone PST -8
    clock summer-time PDT recurring
    no ip source-route
    ip cef
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.60.10 192.168.60.20
    ip dhcp excluded-address 192.168.60.1
    ip dhcp excluded-address 192.168.60.254
    !
    ip dhcp pool kitchen
    network 192.168.60.0 255.255.255.0
    dns-server x.x.x.x
    default-router 192.168.60.254
    !
    !
    ip flow-cache timeout active 1
    no ip domain lookup
    ip sla monitor 1
    type echo protocol ipIcmpEcho x.x.x.x source-interface Serial0/0/0
    timeout 1000
    threshold 2
    frequency 15
    ip sla monitor schedule 1 start-time now
    vpdn enable
    !
    !
    !
    !

    archive
    log config
    hidekeys
    !
    !
    ip tcp selective-ack
    ip tcp window-size 65535
    ip tcp synwait-time 10
    ip tcp path-mtu-discovery
    ip ssh time-out 60
    !
    track 100 rtr 1 reachability
    !
    !
    crypto isakmp policy 11
    encr aes 256
    authentication pre-share
    group 5
    crypto isakmp key xxxxx address x.x.x.x no-xauth
    !
    !
    crypto ipsec transform-set encryption esp-aes 256 esp-sha-hmac
    !
    crypto map colovpn 11 ipsec-isakmp
    set peer x.x.x.x
    set transform-set encryption
    match address 101
    !
    !
    !
    interface FastEthernet0/0
    description DSL WAN Interface
    no ip address
    ip virtual-reassembly
    no ip mroute-cache
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface FastEthernet0/1
    description LAN subnet
    ip address 192.168.60.254 255.255.255.0
    no ip unreachables
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    description Internet T1
    ip address x.x.x.x 255.255.255.252
    no ip redirects
    no ip unreachables
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    crypto map colovpn
    !
    interface Dialer0
    description DSL WAN Dialer
    ip address negotiated
    no ip unreachables
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname xxxxx
    ppp chap password 7 xxxxxx
    ppp pap sent-username xxxxxx password 7 xxxxxxx
    ppp ipcp dns request
    ppp ipcp address accept
    crypto map colovpn
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 x.x.x.x track 100
    ip route 0.0.0.0 0.0.0.0 Dialer0 200
    ip flow-export source FastEthernet0/1
    ip flow-export version 5
    ip flow-export destination 192.168.9.1 2055
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list nat interface Serial0/0/0 overload
    ip nat inside source list natDSL interface Dialer0 overload
    !
    ip access-list extended nat
    deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
    deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
    permit ip any any
    ip access-list extended natDSL
    deny ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
    deny ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
    permit ip any any
    !
    logging history informational
    logging facility syslog
    logging source-interface FastEthernet0/1
    logging 192.168.9.1
    access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.52.0 0.0.0.15
    access-list 101 permit ip 192.168.60.0 0.0.0.255 192.168.8.0 0.0.3.255
    access-list 101 deny ip any any

    --------------------------------------------
    router#sho ip int br
    Interface IP-Address OK? Method Status Protocol
    FastEthernet0/0 unassigned YES NVRAM up up
    FastEthernet0/1 192.168.60.254 YES NVRAM up up
    Serial0/0/0 x.x.x.x YES NVRAM up up
    NVI0 unassigned NO unset up up
    Virtual-Access1 unassigned YES unset up up
    Virtual-Access2 unassigned YES unset up up
    Dialer0 x.x.x.x YES IPCP up up
    yg1985, Jan 27, 2009
    #1
    1. Advertising

  2. yg1985

    Torrence

    Joined:
    Mar 3, 2010
    Messages:
    6
    You denied the IP in one of your statements before you allowed the same port so it has already been denied and will not be allowed just because you wrote an allow statement below. You need to remove the deny statement that includes the IP address you intend to source ping with.
    Torrence, Mar 9, 2010
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?V0pQQw==?=

    Can not ping myself, but can ping others

    =?Utf-8?B?V0pQQw==?=, Dec 25, 2004, in forum: Wireless Networking
    Replies:
    6
    Views:
    5,896
    Chuck
    Dec 26, 2004
  2. Jim Willsher
    Replies:
    23
    Views:
    14,664
    kjems
    Apr 23, 2008
  3. yg1985
    Replies:
    1
    Views:
    3,038
    Maymclean
    Jan 28, 2009
  4. superkingkong
    Replies:
    2
    Views:
    1,759
    superkingkong
    Apr 17, 2010
  5. verve13
    Replies:
    0
    Views:
    753
    verve13
    Sep 7, 2012
Loading...

Share This Page