Can't ping public ip address of E0 on 1750 router

Unanswered Question

Hi all. I can't ping the public ip address of a 1750 I can ping all internal ip addresses.

chr01rt01ec#sh run

Building configuration...

Current configuration : 3851 bytes


version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

service password-encryption


hostname chr01rt01ec


no logging on

enable password 7 xxxx


memory-size iomem 20

ip subnet-zero

no ip finger

no ip domain-lookup

ip host test 2005

ip dhcp excluded-address


ip dhcp pool charlotte

import all



domain-name xxxx



netbios-node-type h-node

lease 30


ip dhcp pool jdirect1


hardware-address 0030.c154.724b

client-name NPI54724b


ip dhcp pool jdirect2


hardware-address 0030.c153.bdbc

client-name NPI53bdbc


chat-script modem ABORT ERROR "" "ATDT\T" TIMEOUT 60 CONNECT \c



crypto isakmp policy 11

hash md5

authentication pre-share

crypto isakmp key xxxxx address public ip of PIX



crypto ipsec transform-set sharks esp-des esp-md5-hmac


crypto map nolan 11 ipsec-isakmp

set peer IP OF OUR PIX

set transform-set sharks

match address 121





interface Ethernet0

ip address Public IP assigned by isp

ip nat outside

no ip route-cache

no ip mroute-cache


crypto map nolan


interface FastEthernet0

ip address

ip helper-address

ip helper-address

ip helper-address

ip directed-broadcast

ip nat inside

no ip route-cache

no ip mroute-cache

speed auto


interface Async5

ip address

encapsulation ppp

keepalive 10

dialer in-band

dialer idle-timeout 300

dialer string xxxx

dialer-group 1


ppp authentication chap


interface Dialer1

no ip address

no cdp enable


router eigrp 100







no eigrp log-neighbor-changes


ip nat inside source route-map nonat interface Ethernet0 overload

ip kerberos source-interface any

ip classless

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

ip forward-protocol udp netbios-ss

ip forward-protocol udp 42508

ip route ip address of ISP gateway

ip route Async5 200

no ip http server


no logging trap

access-list 110 deny ip

access-list 110 deny ip

access-list 110 permit ip any

access-list 120 permit ip any

access-list 121 permit ip

access-list 121 permit ip

access-list 150 permit esp host public ip of PIX host xxxx

access-list 150 permit udp host public ip of PIX host xxxx eq isakmp

access-list 150 permit ip any

access-list 150 deny ip any any

priority-list 1 protocol ip high

dialer-list 1 protocol ip permit

route-map nonat permit 10

match ip address 110


banner motd ^CCC


Unauthorized access is prohibited

Violators will be prosecuted

Welcome to Charlotte



line con 0

password 7 xxxx


transport input none

line aux 0

password 7 xxxx

autoselect ppp

modem InOut

modem autoconfigure discovery

transport input all


speed 2400

flowcontrol hardware

line vty 0 4

password 7 xxxx



no scheduler allocate


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Fri, 06/08/2007 - 06:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Looking at the config there is not anything obvious that would stop ping to the public address of interface Ethernet 0. It would probably help if we knew a few more details such as where you are telnetting from.

I can guess at a few things which might turn out to be part of the problem.

- if you can ping the inside addresses but not the outside address, I wonder if you have a route to the outside address?

- I wonder if there could be a firewall or something doing traffic filtering that does permit ping to inside addresses but not to outside addresses?

- I wonder if the nat outside on the Ethernet 0 interface is getting your ping involved in NAT and preventing the ping from completing?

- I wonder whether the crypto map on Ethernet 0 is part of the problem?

As one way to investigate the problem you could turn on debug ip icmp. Then try the ping to the outside interface. The debug output should show whether the ping was received or not and whether a response was generated. If we knew this it would help us focus on the area where the problem is.



a.cruea1980 Fri, 06/08/2007 - 08:49
User Badges:
  • Bronze, 100 points or more

Try taking out the ip route that points to the ASync interface and see what happens. You'll have to clear out your NAT tables to be able to make sure things work properly.

smothuku Tue, 06/19/2007 - 21:57
User Badges:
  • Silver, 250 points or more

Hi ,

You can use the command "clear ip nat translations * " to clear nat table entries.




This Discussion