
Can't ping ethernet interface...everything else responds

ryandm0tt
Level 1

I have a 7204VXR router at a remote site. We were running a VPN tunnel between the sites and removed the tunnel after we installed a Check Point firewall. Now, we're tunneling via the firewall. The firewall sits between the router and the switch.

In the process of the switch, we changed the ethernet IP of the router and assigned a new IP to the fast ethernet interface. The old IP has been reassigned to the Internal interface on the firewall. The router connects to the firewall via its external interface. These two are on the same network.

The trouble is that we aren't able to SSH into the router nor gather any SNMP data. We can ping the serial interface and the external interface on the firewall, but can't get a response from the ethernet interface itself.

The only other changes we made when we killed the old VPN tunnel were:

Removed the following lines:

    Crypto isakmp policy XX
     encr 3des
     authentication pre-share
    Crypto isakmp key XXXXXX address XXX.XXX.XX.13
    !
    Crypto ipsec transform-set XXXXX esp-3des esp-sha-hmac
    !
    crypto map KCM XX ipsec-isakmp
     set peer XXX.XXX.XX.13
     set transform-set XXXXXXX
     match address XXX

Also, on the serial pt-to-pt int, we got rid of:

crypto map XXX

And, finally, we removed the extended ip access-list.

Any clues? I'm wondering if I need to redo the crypto for SSH?

One last thing...I can ping the interface from home with no problems. Makes me wonder if it's being blocked by the firewall here at the main bldg. I don't see any blocks, however.


Richard Burts
Hall of Fame

Ryan

My guess based on the symptoms described so far is that something in the firewall is preventing the pinging.

As a test you could redo the crypto map. But I would be very surprised if it has any effect on these symptoms.

HTH

Rick
