Cisco Support Community
New Member

Able to ping internet sites from router but not when using source as lan

Hi,

We have a weird issue here where I am able to ping internet sites from the router, but not when I give the source as the LAN interface of the router.

We have many users affected by this; they are able to access the company network but not internet sites.

4 REPLIES
New Member

Re: Able to ping internet sites from router but not when using s

Hi

Here is the ping output to the google.com IP:

GY01-rt1#ping 74.125.93.147

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 74.125.93.147, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 780/784/788 ms

Below is the extended ping:

GY01-rt1#ping

Protocol [ip]:

Target IP address: 74.125.45.100

Repeat count [5]: 30

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: Y

Source address or interface: fastethernet0/1*************lan connection interface

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 30, 100-byte ICMP Echos to 74.125.45.100, timeout is 2 seconds:

Packet sent with a source address of 10.31.128.10

..............................

Many thanks

mahesh

Bronze

Re: Able to ping internet sites from router but not when using s

Hi,

This sounds like a NAT issue. Are you NATing your internal IPs to an internet routable address?

Please post your router configuration showing the interfaces, NAT and ACLs applied.

Regards

New Member

Re: Able to ping internet sites from router but not when using s

Hi James,

The issue is on and off.

It works for a few hours and then it stops.

I have attached the router config.

thanks

Hall of Fame Super Bronze

Re: Able to ping internet sites from router but not when using s

Hi Mahesh,

You have several issues on this router.

1) Your IPSec configuration has an incorrect ACL. You configured for any packets sourcing from your LAN to be encrypted as they leave the router on the WAN. You need to include just the interesting traffic on this ACL. If you need a guideline, use the ACL listed under 'NO-NAT' and the deny ACEs should be the permit ACEs under the IPSec ACL.

2) Your inside and outside interfaces have the 'ip nat outside|inside' commands missing.

As a side note, are you planning to have 2 IPSec Peers or just 1?

By creating a crypto map with a different name, your configuration will only allow you to have one IPSec peer.

HTH,

__

Edison.
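
Added example, not part of the thread and not the poster's attached config (which is not shown on this page): a small Python check for the two problems listed in the reply above, run against a constructed IOS config. The subnet masks, the remote network 10.99.0.0/16, the WAN interface, the peer address and the names VPN-ACL and VPN-MAP are assumptions; only NO-NAT, fastethernet0/1 and 10.31.128.10 come from the thread.

```python
import re

# Constructed sample config. Masks, the remote subnet, the WAN interface, the peer
# and the names VPN-ACL / VPN-MAP are placeholders, not values from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.252
 crypto map VPN-MAP
interface FastEthernet0/1
 ip address 10.31.128.10 255.255.255.0
ip nat inside source list NO-NAT interface FastEthernet0/0 overload
ip access-list extended NO-NAT
 deny ip 10.31.128.0 0.0.0.255 10.99.0.0 0.0.255.255
 permit ip 10.31.128.0 0.0.0.255 any
ip access-list extended VPN-ACL
 permit ip 10.31.128.0 0.0.0.255 any
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 match address VPN-ACL
"""

def parse_acls(config):
    """Return {name: [(action, ace_text), ...]} for named extended ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ip access-list extended (\S+)", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            words = line.split()
            if words and words[0] in ("permit", "deny"):
                current.append((words[0], " ".join(words[1:])))
        else:
            current = None  # left the ACL block
    return acls

def audit(config, nonat_acl="NO-NAT"):
    findings, acls = [], parse_acls(config)
    # Interesting traffic: the NAT-exemption ACL's deny ACEs, turned into permits.
    expected = sorted(a for act, a in acls.get(nonat_acl, []) if act == "deny")
    for name in re.findall(r"^ match address (\S+)", config, re.M):
        permits = sorted(a for act, a in acls.get(name, []) if act == "permit")
        findings += [f"{name}: 'permit {a}' sends all LAN traffic into the tunnel"
                     for a in permits if a.endswith(" any")]
        if permits != expected:
            findings.append(f"{name}: permits should be {expected}")
    if "ip nat inside source" in config:  # NAT rule exists, so interfaces need roles
        for side in ("inside", "outside"):
            if not re.search(rf"^ ip nat {side}\s*$", config, re.M):
                findings.append(f"no interface carries 'ip nat {side}'")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the over-broad crypto ACL entry, the mismatch with the NO-NAT deny entries, and the missing `ip nat inside` and `ip nat outside` interface commands.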
