Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
414
Views
0
Helpful
6
Replies

Strange activity ping wise

Brent Rockburn
Level 2
Level 2

‎01-08-2009 11:48 AM - edited ‎03-04-2019 03:23 AM

I have an ASA that can't ping ip addresses that end with an even number. For instance I can ping 4.2.2.3 and 4.2.2.1 but can't ping 4.2.2.2 I've tried with different ip addresses but it's always the same result.

Any ideas?

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎01-08-2009 11:54 AM

Brent

My first suggestion would be to check and see if there is a route statement for network 4 that has an odd mask which might result in sending requests for addresses with even numbers on a different (invalid) path.

My second suggestion is that somewhere along the path someone has configured an access list to filter traffic with an unusual mask which permist only odd values.

Further question: is this just in 4.2.2, or just in 4, or does it impact other networks as well?

HTH

Rick

HTH

Rick
0 Helpful

Brent Rockburn
Level 2
Level 2
In response to Richard Burts

‎01-08-2009 12:03 PM

Hey Rick,

Thanks for the quick response.

The 4 network is just a network on the internet it does the same with any address that ends in an even octet.

My outside IP address is 64.221.173.98 and the mask is 255.255.255.240 which was provided to us by our ISP.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Brent Rockburn

‎01-08-2009 12:11 PM

Brent

So it has this behavior for any IP address in the Internet? Would you post the output of show route from the ASA?

HTH

Rick

HTH

Rick
0 Helpful

Brent Rockburn
Level 2
Level 2
In response to Richard Burts

‎01-08-2009 12:13 PM

US3432-asa# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 64.221.173.97 to network 0.0.0.0

C 64.221.173.96 255.255.255.240 is directly connected, outside

C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback

C 10.3.37.0 255.255.255.0 is directly connected, inside

S* 0.0.0.0 0.0.0.0 [1/0] via 64.221.173.97, outside

here you go

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Brent Rockburn

‎01-08-2009 12:17 PM

Brent

The easy problem would have been some odd thing in the routing table. But your table seems quite normal. So it must be something else. I wonder if there could be some translation issue or some access policy. Perhaps the best thing would be to ask you is you could post the config (sanitized of sensitive info such as passwords).

HTH

Rick

HTH

Rick
0 Helpful

Brent Rockburn
Level 2
Level 2
In response to Richard Burts

‎01-08-2009 12:32 PM

I moved the vpn server entry in the config to .13 on our network and it works fine ... I think it's an issue with the providers upstream router which is not a cisco box. They're going to call me to do some troubleshooting and I'll post what happens here.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card