Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ping request failure.

i have a branch located in one of the regional location. To connect my branch with my company network. i have taken mpls line from our service provider.

In my branch office i have installed a layer 3 switch. Since we want to segregate my lan. we have created a vlan in l3 switch named vlan 10. i am facing a problem to connect my vlan host to company network.

Switch configuration is below.

vlan 10 ip 172.16.10.1 255.255.254.0

Default route 0.0.0.0 0.0.0.0 192.168.9.1

port Fa0/1 ip 192.168.0.250/24- connecting to 192.168.9.1/24(ISP Router)

Host in vlan 10 ip 172.16.10.10 255.255.254.0

From switch i can able to ping company network host (172.16.0.11).

The ping request from 172.16.10.10 is failed to get response from 172.16.0.1

My firewall is NETASQ

On firewall we can see a log like icmp block to address 192.168.9.1.

Since ping request is generated by my host computer(172.16.10.10) and reply is going to 192.168.9.1(which is MPLS line from ISP). we cannot able to get ping response and firewall block the reply to be send

In  NETASQ firewall there in no such option to apply IPS as filter base policy.

Attaching network Diagram for the same

Kindly Suggest.

Your response is highly appreciated.

Everyone's tags (2)
6 REPLIES
Hall of Fame Super Silver

ping request failure.

Hello Dipak,

>> port Fa0/1 ip 192.168.0.250/24- connecting to 192.168.9.1/24(ISP Router)

they are not in the same IP subnet routing is broken, port fas0/1 should have ip address 192.168.9.250/24

Hope to help

Giuseppe

New Member

ping request failure.

Sorry for creating confusion

port Fa0/1 ip 192.168.9.250/24- connecting to 192.168.9.1/24(ISP Router)

Re: ping request failure.

which routes do you see on L3 switch that you have on Branch Office?

"show ip route "

New Member

Re: ping request failure.

C    192.168.9.0/24 is directly connected, FastEthernet0/47

C    172.16.10.0/23 is directly connected, Vlan 10

S*   0.0.0.0/0 [1/0] via 192.168.9.1

Re: ping request failure.

Ok. thats good as per what you said earlier. I just wanted to make it sure. So SP is using static routing for VRF.

On the firewall have you allowed the subnet 172.16.10.0/23 from outside to communitcate to inside? And Are you able to ping from 172.16.0.11 to 172.16.10.10 ??

Thanks,

Nandan Mathure

New Member

Re: ping request failure.

yes i have already allowed 172.16.10.0/23 on firewall. i cannot able to ping 172.16.10.10 and 172.16.10.1 from 172.16.0.11

423
Views
0
Helpful
6
Replies