Ping request timed out between Main and DR site

arumugasamy
Level 1

Dear Pros,

We have the network designed and running as below.

Main site:

Dual core 6500 as distribution switch

Fwsm as front end firewall

MPLS WAN router

DR site:

MPLS WAN router

LAN 3560 switch connecting local PCs and servers

When we ping the server in the DR site from the Main site, we are getting 4 ping Request Timeouts every 30 minutes.

The packet flow is as below:

Main site PC - Core switch - FWSM - MPLS router - ISP WAN cloud - DR MPLS router - DR switch - server.

I want to troubleshoot where in the transit path the 4 ICMP packets drop. In order to resolve this issue, I set up my home lab with some L3 3550 switches and 3700 routers. I want to apply the debug ip packet details cmd on the 3550 switch and 3700 router, then monitor the packet flow between 2 PCs connected end to end. When I run the debug ip packet cmd on the switch and router I cannot see any console message for the packet flow transiting the device, but if I ping the switch or router interface then I can see the console message with d=x.x.x.x as the local switch/router interface IP, but not the transit traffic.

Also, could you give the ASA or FWSM packet tracer feature for troubleshooting the packet flow through the FWSM?

Thanks

3 Replies

Edison Ortiz
Hall of Fame

When I run the debug ip packet cmd on switch and router I can not see any console message for the packet flow transiting the device but if I ping switch or router interface then I could see the console message with d=x.x.x.x as local switch/router interface IP but not the transit traffic.

You need to disable ip route-cache and ip route-cache cef from the transit interfaces in order to see these packets on the debug.

Make sure to enable those features back once the debug is completed as the router will produce higher throughput with fast-switching and CEF turned on.

As for the ASA and FWSM query, please repost in the security section.

Regards

Edison.

Mr.Edison,

Thanks for the info. You said that fast switching is to be disabled on transit interfaces.

In my scenario, the Main site PC is connected to core switch VLAN 511. The core switch port in VLAN 512 is connected to the FWSM, then the outside FWSM VLAN 513 is connected to the MPLS router.

I applied "no ip route-cache" on VLAN 511, the port the Main PC is connected to. Even after that I could not see any transit traffic through the core switch.

I tried to apply no ip route-cache on the access port the Main PC is connected to, but the cmd is not available.

Thanks

I didn't recommend doing this on the switch. On a switch, the packets will be Layer3 switched.

You need to do this on the router and you need 2 commands

no ip route-cache

and

no ip route-cache cef
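
The procedure from the replies above, written out as one router session. This is an added example, not part of the original thread: the host addresses, ACL number 199 and interface names are constructed, and scoping the debug with an access list and sending the output to the log buffer are additions to what the replies describe.

```ios
! Constructed values (assumptions): 192.0.2.10 = Main site PC,
! 198.51.100.20 = DR server, FastEthernet0/0 and FastEthernet0/1 =
! the router's two transit interfaces.
configure terminal
 ! Match only the ICMP test flow, in both directions, so the debug
 ! does not print every packet the router process-switches
 access-list 199 permit icmp host 192.0.2.10 host 198.51.100.20
 access-list 199 permit icmp host 198.51.100.20 host 192.0.2.10
 ! Keep debug output off the console and in the log buffer
 no logging console
 logging buffered 64000 debugging
 ! Disable CEF and fast switching on both transit interfaces so
 ! transit packets are process-switched and become visible to debug
 interface FastEthernet0/0
  no ip route-cache cef
  no ip route-cache
 interface FastEthernet0/1
  no ip route-cache cef
  no ip route-cache
end
! Debug only packets matching ACL 199
debug ip packet 199 detail
! Run the ping between the two PCs, then read the captured lines
show logging
! Stop the debug before changing anything else
undebug all
! Restore fast switching and CEF, as the reply advises
configure terminal
 interface FastEthernet0/0
  ip route-cache
  ip route-cache cef
 interface FastEthernet0/1
  ip route-cache
  ip route-cache cef
 ! Re-enable console logging only if it was enabled before
 logging console
 no access-list 199
end
```

Process switching raises CPU load on the router for as long as the caches are disabled, so keep the window short and check that the interfaces are back on CEF afterwards.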
