Unable to ping local interface. C3640 IOS v12.2

Unanswered Question
Oct 29th, 2009

I am having trouble seeing why I am unable to ping an interface that is local to the router while in an SSH session on the router. Although we are doing some policy based routing I can not figure out why I can not get a reply from the local interface. I do not see and traffic transverse the only connected firewall when I ping.

Here is the network portion of the config.

Network Config (Cisco IOS version 12.2)

interface FastEthernet0/0

description 4d-wifi-fa0.0

ip address 65.77.28.83 255.255.255.248 secondary

ip address 65.77.28.84 255.255.255.248 secondary

ip address 65.77.28.85 255.255.255.248 secondary

ip address 65.77.28.82 255.255.255.248

no ip proxy-arp

ip nat outside

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet0/1

description ATT-T1-inside

ip address 70.233.236.193 255.255.255.192

ip broadcast-address 70.233.236.255

no ip proxy-arp

ip nat inside

ip policy route-map outWifi

duplex auto

speed auto

!

interface Serial0/1

no ip address

no ip proxy-arp

encapsulation frame-relay IETF

no ip route-cache

no ip mroute-cache

frame-relay lmi-type ansi

!

interface Serial0/1.779 point-to-point

description ATT-T1-outside

bandwidth 1536

ip address 70.254.247.230 255.255.255.252

no ip route-cache

no ip mroute-cache

frame-relay interface-dlci 779

!

ip nat inside source static 70.233.236.218 65.77.28.85

ip nat inside source static 70.233.236.201 65.77.28.84

ip nat inside source static 70.233.236.200 65.77.28.83

ip nat inside source static 70.233.236.213 65.77.28.82

ip classless

ip route 0.0.0.0 0.0.0.0 70.254.247.229

no ip http server

!

access-list 1 permit 70.233.236.213

access-list 2 permit 70.233.236.200

access-list 3 permit 70.233.236.201

access-list 4 permit 70.233.236.218

access-list 5 permit 65.64.77.98

!

route-map outWifi permit 13

match ip address 1 2 3 4

set ip next-hop 65.77.28.81

-----------------------------------------

PING Testing

okc-rtr-c3640#ping 65.77.28.81 source 70.233.236.193

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 65.77.28.81, timeout is 2 seconds:

Packet sent with a source address of 70.233.236.193

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/44 ms

okc-rtr-c3640#ping 65.77.28.81 source FastEthernet 0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 65.77.28.81, timeout is 2 seconds:

Packet sent with a source address of 65.77.28.82

.....

Success rate is 0 percent (0/5)

okc-rtr-c3640#ping 65.77.28.82 source FastEthernet 0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 65.77.28.82, timeout is 2 seconds:

Packet sent with a source address of 65.77.28.82

.....

Success rate is 0 percent (0/5)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (2 ratings)
Loading.
Giuseppe Larosa Sun, 11/01/2009 - 01:40

Hello Jess,

what happens if you remove the line:

ip nat inside source static 70.233.236.213 65.77.28.82

the ping results change?

Hope to help

Giuseppe

netjess Mon, 11/02/2009 - 08:21

Removing the NAT allows the ping. What I don't understand is why the NAT would affect the ping of a local interface. I also tried (from terminal session on the router) pinging 70.233.236.213 and that fails. pinging 65.77.28.82 from an outside source is successful.

Actions

This Discussion