Weird routing issue regarding billmelater.com

Unanswered Question
Feb 25th, 2014
User Badges:

Hello, have had this issue for a while I assume.  But in any case, we have a Cisco ASR 1002 on the edge that does our routing and NAT, behind that we have a Cisco ASA 5585-X and then our LAN. 


Trying ping 208.76.142.234 fails from my desktop behind the firewall, although I see the flow being created in the log for the ICMP packet.  I also see the NAT translation on the edge router happening using show ip nat trans | inc 208.76.142.234. 

I can however ping this IP from the edge router and the firewall. 


I am attaching a doc that explains it better.  You can also normally ping this IP from any other location, ex my cell phone.




Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Vasilii Mikhail... Tue, 02/25/2014 - 23:37
User Badges:
  • Gold, 750 points or more

Hello, Jeremy.


I guess your ASA could have/miss ACL that blocked ICMP echo-reply back to LAN (inspect icmp could be one more way to fix the issue).


PS: it's a little strange that you run NAT on ASR and not ASA device.

Jeremy Gibbs Thu, 02/27/2014 - 09:38
User Badges:

Here is a packet cap from the ASR.  Looks like someone is dropping our traffic..


Screen Shot 2014-02-27 at 12.37.44 PM.png

Actions

This Discussion