cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6341
Views
0
Helpful
6
Replies

PING - one reply then nothing

jerry.mcrae
Level 1
Level 1

i have a DMZ setup off a PIX 515e with a 2950 switch. from the switch i cant ping any server and from one server to the other i can ping but i only get one successful reply then the other three fail. all devices are on the same vlan.

any ideas?

6 Replies 6

Edison Ortiz
Hall of Fame
Hall of Fame

Can we see the switch config?

Do you have any Firewall enabled on the server(s)?

Can you ping from the PIX successfully?

__

Edison.

Edison,

Jerry and I work together.

Here is the info

No firewall enabled on servers.

Yes, i can ping the servers from the PIX no pbloblem.

attached is the switch config

Very straightforward configuration.

Can you troubleshoot by isolating the connection by setting it up as server-to-server with a crossover cable hence bypassing the switch ?

I don't think the switch is preventing 2-way communication.

How about server-to-server connection other than the ping, does it work ?

i just connected the two servers via a crossover and they could ping each other fine. i also tried to browse from one server to the next via \\172.16.1.200\C$ and i get network path not found.

what debugs can i run to see the packets run through the switch or PIX?

thanks.

Kevin Dorrell
Level 10
Level 10

How long does it take for the connectivity to recover? That is, if you issue another ping command immediately, does the first one still get through and the rest fail?

This is very strange behavior, but I did see something similar recently in a lab. In my case, it was related to a stateful NAT scenario with asymetric routes. That is, the ping was going through one router of the NAT pair, and the response coming back through the other. I came to the conclusion it was an artifact of the timing of the handshake between the NAT routers.

Of course, your case may be for an entirely different reason, so it would be useful to have more detail.

Kevin Dorrell

Luxembourg

if i issue ping 10.10.5.x i get the one reply and wait three minuets i can run the ping again and get a successful reply.

if i run ping 10.10.5.x -t and let it run for at least three minutes i'll never get a successful reply. my PIX has a xlate timeout of 3 minutes.

i know this isnt the pix forum but i wonder if i change this "static (inside,DMZ1) 10.10.0.0 10.10.0.0 netmask 255.255.0.0" to this "static (inside,DMZ1) 10.10.5.0 10.10.5.0 netmask 255.255.0.0" will it help.

thanks.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: