Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

250 for 1 Ping

Looking at some unusual ICMP traffic that was being reported by our MARS box.  The MARS is primarily reporting on VPN clients so I set up a capture on the inside interface of one of the ASAs and pinged an address from my PC.

On the PC ( I see


Pinging with 32 bytes of data:

Reply from TTL expired in transit.
Reply from TTL expired in transit.
Reply from TTL expired in transit.
Reply from TTL expired in transit.

Ping statistics for
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

On my capture on the ASAA I get 1010 of these

1384: 21:15:21.207859 > icmp: echo request
1385: 21:15:21.208042 > icmp: echo request
1386: 21:15:21.208073 > icmp: echo request
1387: 21:15:21.208180 > icmp: echo request
1388: 21:15:21.208225 > icmp: echo request
1389: 21:15:21.208286 > icmp: echo request
1390: 21:15:21.208317 > icmp: echo request
1391: 21:15:21.208378 > icmp: echo request
1392: 21:15:21.208409 > icmp: echo request

The basic path is connects to a Cat3560 which connects to a Cat 6513 running 12.2(17r)S4- The ASA connects to a Cat 3560 which connect to a Cat 6513 running 12.2(18)SXF16 and the two Cat 6513 are connected with a 10gig connection.  The address is the default gateway for the ASA which resides on the Cat 6513 that the ASA's Cat 3560 connects to.  The default gateway for the PC is on the Cat 6513 that the PC's Cat 3560 connects to.

So the question is what generated the 1010 pings for the 4 that were sent?  Wireshark on the PC shows only the four pings.


Re: 250 for 1 Ping


I guess there's a routing loop causing each ICMP Echo packet passing your ASA 253times before the TTL expires.



CreatePlease to create content