Can't ping public ip address of E0 on 1750 router

Hi all. I can't ping the public IP address of a 1750. I can ping all internal IP addresses.

chr01rt01ec#sh run
Building configuration...

Current configuration : 3851 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname chr01rt01ec
!
no logging on
enable password 7 xxxx
!
memory-size iomem 20
ip subnet-zero
no ip finger
no ip domain-lookup
ip host test 2005 192.168.18.1
ip dhcp excluded-address 192.168.18.1 192.168.18.20
!
ip dhcp pool charlotte
 import all
 network 192.168.18.0 255.255.255.0
 default-router 192.168.18.1
 domain-name xxxx
 dns-server 172.17.2.60
 netbios-name-server 172.17.2.60 172.17.2.30
 netbios-node-type h-node
 lease 30
!
ip dhcp pool jdirect1
 host 192.168.18.20 255.255.255.0
 hardware-address 0030.c154.724b
 client-name NPI54724b
!
ip dhcp pool jdirect2
 host 192.168.18.19 255.255.255.0
 hardware-address 0030.c153.bdbc
 client-name NPI53bdbc
!
chat-script modem ABORT ERROR "" "ATDT\T" TIMEOUT 60 CONNECT \c
!
!
crypto isakmp policy 11
 hash md5
 authentication pre-share
crypto isakmp key xxxxx address public ip of PIX
!
!
crypto ipsec transform-set sharks esp-des esp-md5-hmac
!
crypto map nolan 11 ipsec-isakmp
 set peer IP OF OUR PIX
 set transform-set sharks
 match address 121
!
!
!
!
interface Ethernet0
 ip address Public IP assigned by isp 255.255.255.248
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 half-duplex
 crypto map nolan
!
interface FastEthernet0
 ip address 192.168.18.1 255.255.255.0
 ip helper-address 172.17.2.30
 ip helper-address 172.17.2.255
 ip helper-address 172.17.255.255
 ip directed-broadcast
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 speed auto
!
interface Async5
 ip address 170.1.1.18 255.255.255.0
 encapsulation ppp
 keepalive 10
 dialer in-band
 dialer idle-timeout 300
 dialer string xxxx
 dialer-group 1
 fair-queue
 ppp authentication chap
!
interface Dialer1
 no ip address
 no cdp enable
!
router eigrp 100
 network 65.0.0.0
 network 170.1.0.0
 network 172.20.0.0
 network 172.21.0.0
 network 192.168.18.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip nat inside source route-map nonat interface Ethernet0 overload
ip kerberos source-interface any
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip forward-protocol udp netbios-ss
ip forward-protocol udp 42508
ip route 0.0.0.0 0.0.0.0 ip address of ISP gateway
ip route 0.0.0.0 0.0.0.0 Async5 200
no ip http server
!
no logging trap
access-list 110 deny ip 192.168.18.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 deny ip 192.168.18.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 110 permit ip 192.168.18.0 0.0.0.255 any
access-list 120 permit ip 192.168.18.0 0.0.0.255 any
access-list 121 permit ip 192.168.18.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 121 permit ip 192.168.18.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 150 permit esp host public ip of PIX host xxxx
access-list 150 permit udp host public ip of PIX host xxxx eq isakmp
access-list 150 permit ip any 192.168.18.0 0.0.0.255
access-list 150 deny ip any any
priority-list 1 protocol ip high
dialer-list 1 protocol ip permit
route-map nonat permit 10
 match ip address 110
!
banner motd ^CCC
xxxxxx
Unauthorized access is prohibited
Violators will be prosecuted
Welcome to Charlotte
^C
!
line con 0
 password 7 xxxx
 login
 transport input none
line aux 0
 password 7 xxxx
 autoselect ppp
 modem InOut
 modem autoconfigure discovery
 transport input all
 autohangup
 speed 2400
 flowcontrol hardware
line vty 0 4
 password 7 xxxx
 login
!
no scheduler allocate
end

Richard Burts Fri, 06/08/2007 - 06:58

Looking at the config there is not anything obvious that would stop ping to the public address of interface Ethernet 0. It would probably help if we knew a few more details such as where you are telnetting from.

I can guess at a few things which might turn out to be part of the problem.

- if you can ping the inside addresses but not the outside address, I wonder if you have a route to the outside address?

- I wonder if there could be a firewall or something doing traffic filtering that does permit ping to inside addresses but not to outside addresses?

- I wonder if the nat outside on the Ethernet 0 interface is getting your ping involved in NAT and preventing the ping from completing?

- I wonder whether the crypto map on Ethernet 0 is part of the problem?

As one way to investigate the problem you could turn on debug ip icmp. Then try the ping to the outside interface. The debug output should show whether the ping was received or not and whether a response was generated. If we knew this it would help us focus on the area where the problem is.

HTH

Rick
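
The filtering, NAT and crypto map questions raised in the reply above can be read off a running config mechanically. The Python sketch below is an added example, not part of the original thread: the sample is a constructed excerpt modelled on the posted config, 203.0.113.x stands in for the redacted public addresses, and audit() is a hypothetical helper that recognises only the reference forms shown.

```python
import re

# Constructed excerpt modelled on the posted config; 203.0.113.x replaces
# the redacted public addresses. Sub-commands are indented as in IOS output.
SAMPLE = """\
crypto map nolan 11 ipsec-isakmp
 match address 121
interface Ethernet0
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
 crypto map nolan
interface FastEthernet0
 ip address 192.168.18.1 255.255.255.0
 ip nat inside
ip nat inside source route-map nonat interface Ethernet0 overload
access-list 110 permit ip 192.168.18.0 0.0.0.255 any
access-list 120 permit ip 192.168.18.0 0.0.0.255 any
access-list 121 permit ip 192.168.18.0 0.0.0.255 172.17.0.0 0.0.255.255
access-list 150 permit ip any 192.168.18.0 0.0.0.255
access-list 150 deny ip any any
route-map nonat permit 10
 match ip address 110
"""

def audit(config):
    """Return (per-interface features, ACL numbers defined but never referenced)."""
    ifaces, defined, referenced, current = {}, set(), set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():      # a top-level line closes any interface block
            current = None
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            ifaces[current] = {"acl_in": None, "acl_out": None, "nat": None, "crypto_map": None}
        elif m := re.match(r"access-list (\d+) ", line):
            defined.add(m.group(1))
        elif m := re.match(r"match (?:ip )?address (\d+)", line):
            referenced.add(m.group(1))    # used by a crypto map or route-map
        elif current and (m := re.match(r"ip access-group (\S+) (in|out)", line)):
            ifaces[current]["acl_" + m.group(2)] = m.group(1)
            referenced.add(m.group(1))
        elif current and (m := re.match(r"ip nat (inside|outside)$", line)):
            ifaces[current]["nat"] = m.group(1)
        elif current and (m := re.match(r"crypto map (\S+)$", line)):
            ifaces[current]["crypto_map"] = m.group(1)
    return ifaces, sorted(defined - referenced)
```

On this excerpt audit(SAMPLE) reports no access-group on either interface and returns ACLs 120 and 150 as defined but unreferenced, so the deny ip any any in ACL 150 is not filtering traffic on Ethernet0. That leaves NAT, the crypto map and routing as the settings to examine with the debug suggested above.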

a.cruea1980 Fri, 06/08/2007 - 08:49

Try taking out the ip route that points to the ASync interface and see what happens. You'll have to clear out your NAT tables to be able to make sure things work properly.