Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ping from WAN - Not from LAN

Hi All

Got a wierd issue ..

We have done re-addressing of a subnet say to a new IP range 10.x.x.x... everything works fine as expected. we defined 10.x.x.x as primary , and 172.16.10.x as secondary IP addresses on the VLAN, for migration purpose..

We have now migrated all IPs from 172.16.10.x to 10.x.x.x and wanted to delete the secondary IP range Just before deleting, I wanted to make sure we dont have any Iive IPs on that segment. I looked on the core switch (show arp), and made sure there are no ARP associations for 172.16.10.x IPs..

Just to confirm, Im also doing a scan from my laptop (solarwinds ip scan), through a WAN connection, and strangely found some random IPs responding.. for eg i can ping from my laptop from WAN, but not from LAN.. that IP never exists, but for some reason, im able to ping from my laptop in WAN. Can this be due to proxy arp on that vlan interface ? i have proxy arp enabled on the vlan SVI...

Will someone know the exact reason as to why IPs would not be reachable from LAN, and it responds randomly from WAN ? Can this be a bug ?

Note - there is no overlapping networks.. IPs are dedicated to that site.. when i do a tracert, it reaches the core switch of that site..


Everyone's tags (2)
Hall of Fame Super Silver

Re: Ping from WAN - Not from LAN

Hello Lavanya,

if pinging on the vlan side no host in 172.16.x.y net answers I would think no host is present.

the correct test is sh ip arp

if this show does not provide a MAC address there is no one there.

proxy-arp can help hosts that are in the vlan side to get router's mac address in answer to an ARP request.

but it does not imply that the router will answer to an ICMP echo request on behalf of an host on the lan segment.

you can use an ACL like

access-list 111 permit icmp host any

debug ip packet detail list 111

on the router.

(you may need to disable CEF if this is possible on the device, possible on a SW router it may be not possible on a multilayer switch)

Hope to help


New Member

Re: Ping from WAN - Not from LAN

Hi Guislar

Thanks for responding..

neither the show ip arp 172.16.x.x nor , show arp | incl vlanxxx shows me anything.. we are sure that the host is not present.. we cannot ping these IPs from the local segment or from the PCs locally..

its only that we were able to ping IPs random from a couple of locations over the WAN.. even now, am able to arbitarily ping, but there is no arp or the host doesnt exist on the destination VLAN !

When using solarwinds IP tracker, many a times i see bogus DNS names like "QUIN", "WENDAI" etc associated with IPs which are not reachable, but still showing it as reachable on solarwinds.. this might be a bug with solarwinds, but a normal ping from command prompt is now reachable.. its a puzzle to me !

Re: Ping from WAN - Not from LAN


a) what about some NAT forgotten somewhere in your network?

b) I'd try Wireshark capturing packets on your PC - it might show some details like TTL, adddresses in headers, etc.



New Member

Re: Ping from WAN - Not from LAN

Hi Milan

I dont think there are any NATs between the source and destination.. infact we removed the dhcp scope off the server, to make sure there are no hosts.. and still some vague responses.. i noticed the IPs start responding after i do a solarwinds ip scan for that subnet.. solarwinds gives wierd DNS names for these IPs which dont exist , but responds to ping as I do...

wierd !