Strange activity ping wise

Unanswered Question
Jan 8th, 2009

I have an ASA that can't ping ip addresses that end with an even number. For instance I can ping and but can't ping I've tried with different ip addresses but it's always the same result.

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Thu, 01/08/2009 - 11:54


My first suggestion would be to check and see if there is a route statement for network 4 that has an odd mask which might result in sending requests for addresses with even numbers on a different (invalid) path.

My second suggestion is that somewhere along the path someone has configured an access list to filter traffic with an unusual mask which permist only odd values.

Further question: is this just in 4.2.2, or just in 4, or does it impact other networks as well?



Brent Rockburn Thu, 01/08/2009 - 12:03

Hey Rick,

Thanks for the quick response.

The 4 network is just a network on the internet it does the same with any address that ends in an even octet.

My outside IP address is and the mask is which was provided to us by our ISP.

Richard Burts Thu, 01/08/2009 - 12:11


So it has this behavior for any IP address in the Internet? Would you post the output of show route from the ASA?



Brent Rockburn Thu, 01/08/2009 - 12:13

US3432-asa# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is to network

C is directly connected, outside

C is directly connected, _internal_loopback

C is directly connected, inside

S* [1/0] via, outside

here you go

Richard Burts Thu, 01/08/2009 - 12:17


The easy problem would have been some odd thing in the routing table. But your table seems quite normal. So it must be something else. I wonder if there could be some translation issue or some access policy. Perhaps the best thing would be to ask you is you could post the config (sanitized of sensitive info such as passwords).



Brent Rockburn Thu, 01/08/2009 - 12:32

I moved the vpn server entry in the config to .13 on our network and it works fine ... I think it's an issue with the providers upstream router which is not a cisco box. They're going to call me to do some troubleshooting and I'll post what happens here.


This Discussion