PING - one reply then nothing

Jan 9th, 2008

I have a DMZ setup off a PIX 515e with a 2950 switch. From the switch I can't ping any server, and from one server to the other I can ping but I only get one successful reply, then the other three fail. All devices are on the same VLAN.

Any ideas?

Edison Ortiz Wed, 01/09/2008 - 19:10

Can we see the switch config?

Do you have any Firewall enabled on the server(s)?

Can you ping from the PIX successfully?

__

Edison.

Zeek Ferraros Thu, 01/10/2008 - 10:23

Edison,

Jerry and I work together.

Here is the info

No firewall enabled on servers.

Yes, I can ping the servers from the PIX, no problem.

Attached is the switch config.
Edison Ortiz Thu, 01/10/2008 - 10:52

Very straightforward configuration.

Can you troubleshoot by isolating the connection by setting it up as server-to-server with a crossover cable, hence bypassing the switch?

I don't think the switch is preventing 2-way communication.

How about server-to-server connection other than the ping, does it work?

jerry.mcrae Tue, 01/15/2008 - 11:24

I just connected the two servers via a crossover and they could ping each other fine. I also tried to browse from one server to the next via \\172.16.1.200\C$ and I get network path not found.

What debugs can I run to see the packets run through the switch or PIX?

Thanks.

Kevin Dorrell Fri, 01/11/2008 - 01:13

How long does it take for the connectivity to recover? That is, if you issue another ping command immediately, does the first one still get through and the rest fail?

This is very strange behavior, but I did see something similar recently in a lab. In my case, it was related to a stateful NAT scenario with asymmetric routes. That is, the ping was going through one router of the NAT pair, and the response coming back through the other. I came to the conclusion it was an artifact of the timing of the handshake between the NAT routers.

Of course, your case may be for an entirely different reason, so it would be useful to have more detail.

Kevin Dorrell

Luxembourg

jerry.mcrae Tue, 01/15/2008 - 11:56

If I issue ping 10.10.5.x I get the one reply; if I wait three minutes I can run the ping again and get a successful reply.

If I run ping 10.10.5.x -t and let it run for at least three minutes I'll never get a successful reply. My PIX has an xlate timeout of 3 minutes.

I know this isn't the PIX forum, but I wonder if I change this "static (inside,DMZ1) 10.10.0.0 10.10.0.0 netmask 255.255.0.0" to this "static (inside,DMZ1) 10.10.5.0 10.10.5.0 netmask 255.255.0.0" will it help.

Thanks.
