Cisco 801 Cannot ping remote server from Network but can from Cisco801

Discussion in 'Cisco' started by kevin.harding@harding-it.co.uk, Feb 17, 2005.

  1. Guest

    I have a CISCO 801 that has two dialer interfaces, dialer 1 works fine
    no problem.

    Using Dialer 2 interface I can ping 194.202.236.21 from the 801 but
    cannot ping it from elsewhere on my network.

    MACisco801#ping 194.202.236.21

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 194.202.236.21, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms


    Using Win2K tracert I know the routes ok
    Z:\>tracert 194.202.236.21

    Tracing route to 194.202.236.21 over a maximum of 30 hops

    1 * * * Request timed out.
    2 10 ms <10 ms <10 ms 192.168.100.254
    3 * * * Request timed out.
    4 * * * Request timed out.
    5 * * * Request timed out.
    6 * * * Request timed out.

    Here is a copy of my Config

    MACisco801#sho run
    Building configuration...

    Current configuration : 4387 bytes
    !
    ! Last configuration change at 15:02:13 GMT Thu Feb 17 2005 by
    macisco801
    !
    version 12.1
    no service single-slot-reload-enable
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    !
    hostname MACisco801
    !
    boot bootstrap tftp c800-oy6-mw.121-18.bin 255.255.255.255
    no logging buffered
    enable secret 5 $1$Tv.7$zvo5ICfgx9sS43CZzvo021
    !
    username <username> password <password>
    username <username> password <password>
    !
    !
    !
    !
    clock timezone GMT 0
    clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
    ip subnet-zero
    no ip source-route
    !
    ip domain-name malcolmandrew.local
    ip name-server 192.168.100.2
    isdn switch-type basic-net3
    !
    !
    !
    interface Ethernet0
    ip address 192.168.100.254 255.255.255.0
    no ip proxy-arp
    !
    interface BRI0
    no ip address
    encapsulation ppp
    dialer pool-member 1
    isdn switch-type basic-net3
    ppp authentication chap pap callin
    ppp multilink
    !
    interface Dialer1
    description RCN
    ip unnumbered Ethernet0
    ip access-group 102 in
    ip access-group 101 out
    no ip proxy-arp
    encapsulation ppp
    no ip split-horizon
    dialer pool 1
    dialer remote-name TSCisco801
    dialer idle-timeout 120 either
    dialer string 01638xxxxxx class DialClass
    dialer hold-queue 10
    dialer load-threshold 10 either
    dialer-group 1
    pulse-time 0
    ppp authentication chap pap callin
    ppp chap hostname <username>
    ppp chap password <password>
    ppp pap sent-username <password>
    ppp multilink
    !
    interface Dialer2
    description Spicer1
    ip address 172.16.37.193 255.255.255.192
    ip broadcast-address 172.16.37.193
    ip access-group 102 in
    ip access-group 101 out
    no ip proxy-arp
    encapsulation ppp
    no ip split-horizon
    dialer pool 1
    dialer remote-name Spicer1
    dialer idle-timeout 120 either
    dialer string 01223xxxxxx class DialClass
    dialer hold-queue 10
    dialer load-threshold 10 either
    dialer-group 1
    pulse-time 0
    ppp authentication chap callin
    ppp chap hostname <username>
    ppp chap password <password>
    !
    router rip
    passive-interface Dialer1
    passive-interface Dialer2
    network 192.168.100.0
    !
    no ip http server
    ip classless
    ip route 192.168.179.0 255.255.255.0 Dialer1
    ip route 194.202.236.21 255.255.255.255 Dialer2
    !
    !
    map-class dialer DialClass
    access-list 18 permit 192.168.100.0 0.0.0.255
    access-list 101 deny udp any eq netbios-dgm any
    access-list 101 deny udp any eq netbios-ns any
    access-list 101 deny udp any eq netbios-ss any
    access-list 101 deny tcp any eq 137 any
    access-list 101 deny tcp any eq 138 any
    access-list 101 deny tcp any eq 139 any
    access-list 101 deny udp any any range netbios-ns netbios-ss
    access-list 101 deny tcp any any range 137 139
    access-list 101 deny udp any eq netbios-ns any eq domain
    access-list 101 permit ip any any time-range ETHERNET
    access-list 101 deny ip any any
    access-list 102 permit ip 192.168.179.0 0.0.0.255 any time-range
    TINDALLS
    access-list 102 permit ip host 194.202.236.24 any time-range TINDALLS
    access-list 102 permit ip host 194.202.236.23 any time-range TINDALLS
    access-list 102 permit ip host 194.202.236.21 any time-range TINDALLS
    access-list 102 permit ip host 194.202.236.22 any time-range TINDALLS
    access-list 102 deny ip any any
    access-list 111 permit ip any any time-range TIME
    access-list 111 permit icmp any any administratively-prohibited
    time-range TIME
    access-list 111 permit icmp any any echo time-range TIME
    access-list 111 permit icmp any any echo-reply time-range TIME
    access-list 111 permit icmp any any packet-too-big time-range TIME
    access-list 111 permit icmp any any time-exceeded time-range TIME
    access-list 111 permit icmp any any traceroute time-range TIME
    access-list 111 permit icmp any any unreachable time-range TIME
    access-list 111 deny ip any any
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip list 101
    snmp-server chassis-id JAD06500KZJ
    banner incoming ^CC Unauthorised Access Prohibited ^C
    banner motd ^CMalcolm Andrew Officeteam.
    Intralink Router

    ******************************
    Unauthorised Access Prohibited
    ******************************
    ^C
    !
    line con 0
    exec-timeout 0 0
    stopbits 1
    line vty 0 4
    exec-timeout 0 0
    login local
    !
    sntp server 192.168.100.2
    time-range ETHERNET
    periodic daily 0:00 to 23:59
    !
    time-range TINDALLS
    periodic daily 0:00 to 23:59
    !
    end

    Any help with this would be much appreciated, seem to be almost there
    but have obviously missed something somewhere
     
    , Feb 17, 2005
    #1
    1. Advertising

  2. Guest

    I've managed to sort the ping problem...

    However the software I'm using is connecting on port 1028

    I can ping and telnet from my Alpha server to the remote machine but as
    soon as I try to connect using the EDI link it fails.

    I believe this is because of my ACL

    interface Dialer2
    description Spicer1
    ip address 172.16.37.193 255.255.255.192
    ip broadcast-address 172.16.37.195
    ip access-group 102 in
    ip access-group 101 out
    no ip proxy-arp
    ip nat outside
    encapsulation ppp
    no ip split-horizon
    dialer pool 1
    dialer remote-name Spicer1


    access-list 101 deny udp any eq netbios-dgm any
    access-list 101 deny udp any eq netbios-ns any
    access-list 101 deny udp any eq netbios-ss any
    access-list 101 deny tcp any eq 137 any
    access-list 101 deny tcp any eq 138 any
    access-list 101 deny tcp any eq 139 any
    access-list 101 deny udp any any range netbios-ns netbios-ss
    access-list 101 deny tcp any any range 137 139
    access-list 101 deny udp any eq netbios-ns any eq domain
    access-list 101 permit ip any any time-range ETHERNET
    access-list 101 deny ip any any
    access-list 102 permit ip 192.168.179.0 0.0.0.255 any time-range
    TINDALLS
    access-list 102 permit ip host 194.202.236.21 any time-range TINDALLS
    access-list 102 permit ip host 194.202.236.22 any time-range TINDALLS

    I can FTP telnet and ping but I think this is because the port number
    the edi software uses is above 1023

    Any sugestions on what ACL's I should create and how I apply them to
    the Dialer2 int would be good.

    Many Thanks

    Kevin






    wrote:
    > I have a CISCO 801 that has two dialer interfaces, dialer 1 works

    fine
    > no problem.
    >
    > Using Dialer 2 interface I can ping 194.202.236.21 from the 801 but
    > cannot ping it from elsewhere on my network.
    >
    > MACisco801#ping 194.202.236.21
    >
    > Type escape sequence to abort.
    > Sending 5, 100-byte ICMP Echos to 194.202.236.21, timeout is 2

    seconds:
    > !!!!!
    > Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60

    ms
    >
     
    , Feb 17, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?V0pQQw==?=

    Can not ping myself, but can ping others

    =?Utf-8?B?V0pQQw==?=, Dec 25, 2004, in forum: Wireless Networking
    Replies:
    6
    Views:
    5,986
    Chuck
    Dec 26, 2004
  2. Bob Simon
    Replies:
    8
    Views:
    7,177
    John Lamar
    Jan 19, 2005
  3. Sean Rima
    Replies:
    4
    Views:
    786
    Sean Rima
    Jun 18, 2005
  4. jorgeantibes

    I do ping others and viceversa but, cannot ping myself

    jorgeantibes, May 15, 2009, in forum: Wireless Networking
    Replies:
    0
    Views:
    574
    jorgeantibes
    May 15, 2009
  5. superkingkong
    Replies:
    2
    Views:
    1,831
    superkingkong
    Apr 17, 2010
Loading...

Share This Page