Cisco IOS 12.2 - Enabling ICMP echo + echoreply on eth0

Discussion in 'Cisco' started by Yvick Miossec, Feb 4, 2004.

  1. Hello,

    I have configured routers (Cisco 831s) across europe to communicate
    via VPN tunnels with a Cisco 2600 located at main office. Everthing is
    OK but I cannot for the life of me get pings to work within the
    tunnels.

    I can ping any outside networks, and the public IPs assigned to any
    router from anywhere, but pings from within a router to a lan
    interface on another router does not work. Debug ICMP shows nothing on
    either source or destination router, which leads me to beleive that
    the ICMP messages are trapped somehow from within the IOS before they
    reach the relevant interface.

    No ACL is configured on the LAN interface since we firewall the entire
    VPN trafic from inside main office.

    The strangest thing is that host from either side of VPN tunnels can
    ping each other. This phenomenon is only from one router to another.

    Is this an implicit Cisco behaviour when no ACL are specified on the
    LAN interface ?

    Thanks for your attention ...

    Yvick Miossec
    IT / iMedia / Paris / France
     
    Yvick Miossec, Feb 4, 2004
    #1
    1. Advertising

  2. without a config it is hard to say what your problem is, but I think you
    should use an extented ping a give the ping another source
    address/interface.

    Yvick Miossec schrieb:
    > Hello,
    >
    > I have configured routers (Cisco 831s) across europe to communicate
    > via VPN tunnels with a Cisco 2600 located at main office. Everthing is
    > OK but I cannot for the life of me get pings to work within the
    > tunnels.
    >
    > I can ping any outside networks, and the public IPs assigned to any
    > router from anywhere, but pings from within a router to a lan
    > interface on another router does not work. Debug ICMP shows nothing on
    > either source or destination router, which leads me to beleive that
    > the ICMP messages are trapped somehow from within the IOS before they
    > reach the relevant interface.
    >
    > No ACL is configured on the LAN interface since we firewall the entire
    > VPN trafic from inside main office.
    >
    > The strangest thing is that host from either side of VPN tunnels can
    > ping each other. This phenomenon is only from one router to another.
    >
    > Is this an implicit Cisco behaviour when no ACL are specified on the
    > LAN interface ?
    >
    > Thanks for your attention ...
    >
    > Yvick Miossec
    > IT / iMedia / Paris / France
     
    Helmut Ulrich, Feb 4, 2004
    #2
    1. Advertising

  3. Yvick Miossec

    Hansang Bae Guest

    In article <>,
    says...
    > I have configured routers (Cisco 831s) across europe to communicate
    > via VPN tunnels with a Cisco 2600 located at main office. Everthing is
    > OK but I cannot for the life of me get pings to work within the
    > tunnels.
    > I can ping any outside networks, and the public IPs assigned to any
    > router from anywhere, but pings from within a router to a lan
    > interface on another router does not work. Debug ICMP shows nothing on
    > either source or destination router, which leads me to beleive that
    > the ICMP messages are trapped somehow from within the IOS before they
    > reach the relevant interface.
    > No ACL is configured on the LAN interface since we firewall the entire
    > VPN trafic from inside main office.
    > The strangest thing is that host from either side of VPN tunnels can
    > ping each other. This phenomenon is only from one router to another.
    > Is this an implicit Cisco behaviour when no ACL are specified on the
    > LAN interface ?


    What does your ACL (for the IPSec) look like? Remember that routers
    will use the closest exit interface as the source for the ICMPs (unless
    you specify different)


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Feb 5, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jesper Jenssen

    Basic question: Pix & ICMP echo replies

    Jesper Jenssen, Nov 21, 2003, in forum: Cisco
    Replies:
    3
    Views:
    7,075
    Walter Roberson
    Nov 21, 2003
  2. craig judd

    echo echo echo

    craig judd, Sep 23, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    527
    Miggsee
    Sep 23, 2003
  3. cc

    ICMP Echo

    cc, Apr 2, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    1,889
    Palindrome
    Apr 2, 2004
  4. cc

    ICMP Echo

    cc, Apr 4, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    585
  5. cc

    ICMP Echo

    cc, Apr 4, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    888
Loading...

Share This Page