Newbie Help - One way ping

Unanswered Question
Sep 12th, 2007

Good evening. I am a Cisco newbie and have a problem that is causing one of my users to not be able to do their job so I need help in the worst way. The user is on an XP/DHCP desktop. He can ping all the way to the Home Office but we cannot ping him, in fact the core switch at his location can't ping him. The firewall on his PC is disabled. The connectivity goes like this:

XP/DHCP Desktop > Catalyst Express Switch> 3560G-48 Switch > 2851 Router >Sprint MPLS > 3825 Router > 4507 Switch> XP/DHCP Laptop

The desktop at the remote site can ping all of the devices in between but none of the devices in between can ping him (I have not been able to verify the Catalyst Express because while I can bring up the web interface I don't see a way of pinging any device on it - however I have called the user and have disabled the port on the switch and re-enabled it and he saw the disconnection message on his desktop. I have also asked him to do a route print on the XP Desktop and I don't see anything funky with that. He is getting his DHCP address also.

Help !!!

Thanks in advance, I will greatly appreciate any help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (3 ratings)
Loading.
spremkumar Wed, 09/12/2007 - 19:18

hi

can you revert back with the ip address being assigned to the desktop and ip address of each devices shown in the line representation.

Also are you seeing proper route for the desktop from each respective points.

what about the arp table in the local switch ?

regds

JORGE RODRIGUEZ Wed, 09/12/2007 - 19:30

In addition to Edwin's remarks , do trace route from XP laptop to users XP/Desktop and see if trace-route stops at any point along the path.

paul.matthews Thu, 09/13/2007 - 00:02

If he can ping devices, the routing is there, as for him to get a response there is routing to get to the target device, and all devices have routes to get back to him. If there was a routing issue, he would not be able to ping, so something must be dropping the ICMP echos when targetting him, or the responses coming back. The alternative is that there is a discrepancy in information and the address you are using for him is incorrect in some way.

The two main things that may be filtering are firewalls and access list on routers.

The incorrect info - is there any chance something may be doing NAT? If something NATs his address, and it is not doing NAT with static 1:1 mapping, then it will be difficult to ping backwards through the NAT.

ROBERT ISAACS Thu, 09/13/2007 - 04:13

Thanks so much to all who replied. I appreciate you very much. The server people put out a Symantec upgrade and, although no other PC had such serious issues, we believe that somehow despite policy preventing it the Symantec firewall started up. The server folks tried to get the user to get into the firewall to shut it off (to no avail). They finally took ownership of the problem after hours of my troubleshooting time. If there is any "network" issue I will report it here. Thanks again to all!

RI

Actions

This Discussion