Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
645
Views
0
Helpful
2
Replies

Unable to Ping

Go to solution
nickc1976
Level 1
Level 1

‎05-29-2009 12:54 AM - edited ‎03-06-2019 05:59 AM

Hi,

I have a Cisco 857 router at a customer site. The router is online and connected to the internet. PC's in the local network can get an internet connection, but when I try and use one of the PC's to ping an external IP address, or domain name, the ping fails.

eg.

ping google.co.uk

or

ping 216.239.59.104

both give Request timed out, but the same PC can access google.

The router has a vpn connection to another site, this works as expected, and I can ping the internal IP address of PC's at the other site.

The router can also ping the external IP address of the office I work in.

Any ideas what could be causing this problem?

Thanks

Nick

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
francisco_1
Level 7
Level 7

‎05-29-2009 01:29 AM

sounds like ICMP is denied. post your config..

if you are using dialup, under the dialer interface make sure you have access-group to allow icmp

eg,

interface Dialer0

ip address negotiated

ip access-group 101 in

ip inspect DEFAULT100 out

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname xxxxxxx@xxxx.xxclick.com

ppp chap password 0 xxxxxxx

access-list 100 permit ip any any

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

View solution in original post

0 Helpful
2 Replies 2

Go to solution
francisco_1
Level 7
Level 7

‎05-29-2009 01:29 AM

sounds like ICMP is denied. post your config..

if you are using dialup, under the dialer interface make sure you have access-group to allow icmp

eg,

interface Dialer0

ip address negotiated

ip access-group 101 in

ip inspect DEFAULT100 out

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname xxxxxxx@xxxx.xxclick.com

ppp chap password 0 xxxxxxx

access-list 100 permit ip any any

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

0 Helpful

Go to solution
nickc1976
Level 1
Level 1
In response to francisco_1

‎06-02-2009 06:53 AM

Hi Thanks for the reply.

I already had an access-list 101, so I added the following commands.

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

This has now resolved the problem. Thanks for your help

Nick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card