Solved: Re: Can pin but cant be pinged!

vikrantarora · ‎09-05-2003

My computer (say A) has a static IP 204.142.253.65. I am able to telnet into the gateway at 204.142.253.254, PIX at 192.231.232.190 and the catalyst switch at 10.0.0.4.

But I can not ping myself form any of these devices. I tried releasing and renewing the IP, even changed the IP but still the same problem.

But If I got to a different computer (say B) in the network and login as myself, I get the IP 204.142.253.138 and now I can ping myself from the switch, router or the PIX.

I even tried to plug in the network cable of B into A, but still, I cant be pinged even though I can telnet into any of the devices/access internet.

Please help me troublehsoot.

Ricky.Rose · ‎09-10-2003

Do you have VPN client on this PC? It may be using a firewall. In my VPN client I have a INI file with the following entry:

StatefulFirewall=0

Could your's be set to 1?

View solution in original post

jcleary · ‎09-10-2003

If it is WIN XP you might have the firewall turned on

View solution in original post

thisisshanky · ‎09-10-2003

Lots of time, I have run into issues, like you can ping from the PC out, but cannot ping the PC from any of the other devices. I had my Win XP firewall ON on the LAN adapter, and it was blocking all pings inbound. So make sure if you have any of these firewall settings on, and if yes, turn it on, or allow inbound pings on the PC.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

View solution in original post

mark-obrien · ‎09-05-2003

Is your computer configured to not send ICMP echo replies?

vikrantarora · ‎09-05-2003

I dont know, is there a way to check it?

JBUIST · ‎09-05-2003

I would verify that the PIX allows outbound icmp packets to your workstation (204.142.253.65). To test you may want to create a rule that allows any protocol between 204.142.253.65 and 10.0.0.4. You also will want to make sure that your internal network has a route (most likely static) on the inside of your firewall to the 204.142.253.0 /? networks.

vikrantarora · ‎09-05-2003

If dont have anything specif for my machine on the PIX.

My first access-list is:

access-list acl_in permit icmp any any

Do i need a similar access-list on the outside interface as well?

Do you mean the following static command:

static (inside,outside) 204.142.253.0 204.142.253.0 netmask 255.255.255.0 0 0

I dont have any such command. The only statics I have are:

static (inside,outside) LotusSrv LotusSrv netmask 255.255.255.255 0 0

static (inside,outside) mail-81 mail-81 netmask 255.255.255.255 0 0

static (inside,outside) bookstore bookstore netmask 255.255.255.255 0 0

static (dmz:2,outside) venus venus netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.253.0 204.142.253.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 204.142.254.0 204.142.254.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 204.142.80.0 204.142.80.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 204.142.81.0 204.142.81.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 192.231.232.0 192.231.232.0 netmask 255.255.255.128 0 0

static (inside,dmz:2) DNS-ECC DNS-ECC netmask 255.255.255.255 0 0

static (inside,outside) mail-89 mail-89 netmask 255.255.255.255 0 0

static (inside,outside) websrv websrv netmask 255.255.255.255 0 0

static (inside,outside) DNS-ECC DNS-ECC netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.89.0 204.142.89.0 netmask 255.255.255.0 0 0

static (inside,outside) webcam1 webcam1 netmask 255.255.255.255 0 0

static (inside,outside) 204.142.80.12 204.142.80.12 netmask 255.255.255.255 0 0

static (inside,outside) saturn saturn netmask 255.255.255.255 0 0

static (inside,outside) 204.142.253.191 204.142.253.191 netmask 255.255.255.255 0 0

static (statefailover,outside) 192.231.232.224 192.231.232.224 netmask 255.255.2

55.224 0 0

static (inside,outside) elecktra2 elecktra2 netmask 255.255.255.255 0 0

static (dmz:2,outside) elecktra elecktra netmask 255.255.255.255 0 0

static (inside,dmz:2) elecktra elecktra netmask 255.255.255.255 0 0

static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0

static (inside,outside) mobileman mobileman netmask 255.255.255.255 0 0

static (inside,outside) posadmin posadmin netmask 255.255.255.255 0 0

static (inside,outside) 204.142.89.227 204.142.89.227 netmask 255.255.255.255 0 0

static (inside,outside) 204.142.253.227 204.142.253.227 netmask 255.255.255.255 0 0

static (inside,outside) seddiki seddiki netmask 255.255.255.255 0 0

static (inside,outside) 204.142.80.40 204.142.80.40 netmask 255.255.255.255 0 0

static (inside,outside) 204.142.253.55 192.231.232.136 netmask 255.255.255.255 0 0

static (inside,outside) 192.231.232.136 204.142.253.55 netmask 255.255.255.255 0 0

JBUIST · ‎09-05-2003

Try this, run a tracert to 204.142.253.65 from inside your network. This will tell you were on the network your route is failing. From the router's prompt run this command, sh ip route 204.142.253.65 .. If the router does not have this network in it's table you will need to put a static route of ip route 204.142.253.0 255.255.255.255 NextHopAdd...

vikrantarora · ‎09-08-2003

I telnet into the Router 204.142.253.254 from my machine i.e. 204.142.253.65 and execute the commands as suggested by you.

Router-89-253#sh ip route 204.142.253.65

Routing entry for 204.142.253.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)

Routing Descriptor Blocks:

* directly connected, via Vlan253

Route metric is 0, traffic share count is 1

Router-89-253#ping 204.142.253.65

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 204.142.253.65, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Router-89-253#

Router-89-253#traceroute 204.142.253.65

Type escape sequence to abort.

Tracing the route to 204.142.253.65

1 * * *

2 * * *

3 * * *

4 * * *

5 * * *

Appreciate your time and help.

Ricky.Rose · ‎09-10-2003

Do you have VPN client on this PC? It may be using a firewall. In my VPN client I have a INI file with the following entry:

StatefulFirewall=0

Could your's be set to 1?

vikrantarora · ‎09-10-2003

BINGO! it's such a relief being pinged. anyways what's the logic behind this. And also, FYI i unchecked the 'stateful firewall' from the options screen instead of digging for the .inf file.

Thanks a lot!!

jcleary · ‎09-10-2003

If it is WIN XP you might have the firewall turned on

thisisshanky · ‎09-10-2003

Lots of time, I have run into issues, like you can ping from the PC out, but cannot ping the PC from any of the other devices. I had my Win XP firewall ON on the LAN adapter, and it was blocking all pings inbound. So make sure if you have any of these firewall settings on, and if yes, turn it on, or allow inbound pings on the PC.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus