05-29-2009 12:54 AM - edited 03-06-2019 05:59 AM
Hi,
I have a Cisco 857 router at a customer site. The router is online and connected to the internet. PCs in the local network can get an internet connection, but when I try to use one of the PCs to ping an external IP address or domain name, the ping fails.
e.g.
ping google.co.uk
or
ping 216.239.59.104
Both give "Request timed out", but the same PC can access Google.
The router has a VPN connection to another site; this works as expected, and I can ping the internal IP address of PCs at the other site.
The router can also ping the external IP address of the office I work in.
Any ideas what could be causing this problem?
Thanks
Nick
05-29-2009 01:29 AM
Sounds like ICMP is denied. Post your config.
If you are using dialup, under the dialer interface make sure you have an access-group to allow ICMP,
e.g.
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxxxxx@xxxx.xxclick.com
 ppp chap password 0 xxxxxxx
access-list 100 permit ip any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
06-02-2009 06:53 AM
Hi, thanks for the reply.
I already had an access-list 101, so I added the following commands.
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
This has now resolved the problem. Thanks for your help.
Nick
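An added example, not part of the original thread: a small first-match evaluator for "any any" extended ACL entries. It shows why ICMP replies fall to the implicit deny on an inbound ACL, and that the three entries from the thread admit replies only, not inbound echo requests. The BEFORE list is a constructed stand-in, since Nick's existing access-list 101 was never posted.

```python
import re

# ICMP type numbers (RFC 792) for the keywords that appear in the thread, plus echo.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

# Handles only "<permit|deny> <proto> any any [icmp-keyword]" entries.
ENTRY = re.compile(r"access-list (\d+) (permit|deny) (\w+) any any(?: ([\w-]+))?$")

def parse_acl(text, number):
    """Return [(action, protocol, icmp_type_or_None)] for one ACL number."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if m and int(m.group(1)) == number:
            action, proto, keyword = m.group(2), m.group(3), m.group(4)
            entries.append((action, proto, ICMP_TYPES[keyword] if keyword else None))
    return entries

def evaluate(entries, proto, icmp_type=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_type in entries:
        if e_proto not in ("ip", proto):
            continue
        if e_type is not None and e_type != icmp_type:  # type 0 is a real value
            continue
        return action
    return "deny"  # the implicit "deny ip any any" that ends every ACL

# Constructed, simplified stand-in for the ACL that was already on the router.
BEFORE = """
access-list 101 permit esp any any
access-list 101 permit udp any any
"""
# The three entries given in the thread.
ADDED = """
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
"""

def inbound_verdicts(acl_text):
    """Verdict for each ICMP message type arriving on the outside interface."""
    acl = parse_acl(acl_text, 101)
    return {name: evaluate(acl, "icmp", t) for name, t in ICMP_TYPES.items()}

if __name__ == "__main__":
    print("before:", inbound_verdicts(BEFORE))
    print("after: ", inbound_verdicts(BEFORE + ADDED))
```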