PING - one reply then nothing

Unanswered Question
Jan 9th, 2008

I have a DMZ setup off a PIX 515e with a 2950 switch. From the switch I can't ping any server, and from one server to the other I can ping but I only get one successful reply, then the other three fail. All devices are on the same VLAN.

Any ideas?

Edison Ortiz Wed, 01/09/2008 - 19:10

Can we see the switch config?

Do you have any Firewall enabled on the server(s)?

Can you ping from the PIX successfully?



Zeek Ferraros Thu, 01/10/2008 - 10:23

Jerry and I work together.

Here is the info

No firewall enabled on servers.

Yes, I can ping the servers from the PIX, no problem.

Attached is the switch config.

Edison Ortiz Thu, 01/10/2008 - 10:52

Very straightforward configuration.

Can you troubleshoot by isolating the connection by setting it up as server-to-server with a crossover cable, hence bypassing the switch?

I don't think the switch is preventing 2-way communication.

How about server-to-server connection other than the ping, does it work?

jerry.mcrae Tue, 01/15/2008 - 11:24

I just connected the two servers via a crossover and they could ping each other fine. I also tried to browse from one server to the next via \\\C$ and I get network path not found.

What debugs can I run to see the packets run through the switch or PIX?


Kevin Dorrell Fri, 01/11/2008 - 01:13

How long does it take for the connectivity to recover? That is, if you issue another ping command immediately, does the first one still get through and the rest fail?

This is very strange behavior, but I did see something similar recently in a lab. In my case, it was related to a stateful NAT scenario with asymmetric routes. That is, the ping was going through one router of the NAT pair, and the response coming back through the other. I came to the conclusion it was an artifact of the timing of the handshake between the NAT routers.

Of course, your case may be for an entirely different reason, so it would be useful to have more detail.

Kevin Dorrell


jerry.mcrae Tue, 01/15/2008 - 11:56

If I issue ping 10.10.5.x I get the one reply, and if I wait three minutes I can run the ping again and get a successful reply.

If I run ping 10.10.5.x -t and let it run for at least three minutes I'll never get a successful reply. My PIX has an xlate timeout of 3 minutes.

I know this isn't the PIX forum, but I wonder, if I change this "static (inside,DMZ1) netmask" to this "static (inside,DMZ1) netmask", will it help?


