01-08-2009 11:48 AM - edited 03-04-2019 03:23 AM
I have an ASA that can't ping ip addresses that end with an even number. For instance I can ping 4.2.2.3 and 4.2.2.1 but can't ping 4.2.2.2 I've tried with different ip addresses but it's always the same result.
Any ideas?
01-08-2009 11:54 AM
Brent
My first suggestion would be to check and see if there is a route statement for network 4 that has an odd mask which might result in sending requests for addresses with even numbers on a different (invalid) path.
My second suggestion is that somewhere along the path someone has configured an access list to filter traffic with an unusual mask which permist only odd values.
Further question: is this just in 4.2.2, or just in 4, or does it impact other networks as well?
HTH
Rick
01-08-2009 12:03 PM
Hey Rick,
Thanks for the quick response.
The 4 network is just a network on the internet it does the same with any address that ends in an even octet.
My outside IP address is 64.221.173.98 and the mask is 255.255.255.240 which was provided to us by our ISP.
01-08-2009 12:11 PM
Brent
So it has this behavior for any IP address in the Internet? Would you post the output of show route from the ASA?
HTH
Rick
01-08-2009 12:13 PM
US3432-asa# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 64.221.173.97 to network 0.0.0.0
C 64.221.173.96 255.255.255.240 is directly connected, outside
C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
C 10.3.37.0 255.255.255.0 is directly connected, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 64.221.173.97, outside
here you go
01-08-2009 12:17 PM
Brent
The easy problem would have been some odd thing in the routing table. But your table seems quite normal. So it must be something else. I wonder if there could be some translation issue or some access policy. Perhaps the best thing would be to ask you is you could post the config (sanitized of sensitive info such as passwords).
HTH
Rick
01-08-2009 12:32 PM
I moved the vpn server entry in the config to .13 on our network and it works fine ... I think it's an issue with the providers upstream router which is not a cisco box. They're going to call me to do some troubleshooting and I'll post what happens here.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: