Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can pin but cant be pinged!

My computer (say A) has a static IP 204.142.253.65. I am able to telnet into the gateway at 204.142.253.254, PIX at 192.231.232.190 and the catalyst switch at 10.0.0.4.

But I can not ping myself form any of these devices. I tried releasing and renewing the IP, even changed the IP but still the same problem.

But If I got to a different computer (say B) in the network and login as myself, I get the IP 204.142.253.138 and now I can ping myself from the switch, router or the PIX.

I even tried to plug in the network cable of B into A, but still, I cant be pinged even though I can telnet into any of the devices/access internet.

Please help me troublehsoot.

3 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: Can pin but cant be pinged!

Do you have VPN client on this PC? It may be using a firewall. In my VPN client I have a INI file with the following entry:

StatefulFirewall=0

Could your's be set to 1?

New Member

Re: Can pin but cant be pinged!

If it is WIN XP you might have the firewall turned on

Re: Can pin but cant be pinged!

Lots of time, I have run into issues, like you can ping from the PC out, but cannot ping the PC from any of the other devices. I had my Win XP firewall ON on the LAN adapter, and it was blocking all pings inbound. So make sure if you have any of these firewall settings on, and if yes, turn it on, or allow inbound pings on the PC.

10 REPLIES
Bronze

Re: Can pin but cant be pinged!

Is your computer configured to not send ICMP echo replies?

New Member

Re: Can pin but cant be pinged!

I dont know, is there a way to check it?

New Member

Re: Can pin but cant be pinged!

I would verify that the PIX allows outbound icmp packets to your workstation (204.142.253.65). To test you may want to create a rule that allows any protocol between 204.142.253.65 and 10.0.0.4. You also will want to make sure that your internal network has a route (most likely static) on the inside of your firewall to the 204.142.253.0 /? networks.

New Member

Re: Can pin but cant be pinged!

If dont have anything specif for my machine on the PIX.

My first access-list is:

access-list acl_in permit icmp any any

Do i need a similar access-list on the outside interface as well?

Do you mean the following static command:

static (inside,outside) 204.142.253.0 204.142.253.0 netmask 255.255.255.0 0 0

I dont have any such command. The only statics I have are:

static (inside,outside) LotusSrv LotusSrv netmask 255.255.255.255 0 0

static (inside,outside) mail-81 mail-81 netmask 255.255.255.255 0 0

static (inside,outside) bookstore bookstore netmask 255.255.255.255 0 0

static (dmz:2,outside) venus venus netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.253.0 204.142.253.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 204.142.254.0 204.142.254.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 204.142.80.0 204.142.80.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 204.142.81.0 204.142.81.0 netmask 255.255.255.0 0 0

static (inside,dmz:2) 192.231.232.0 192.231.232.0 netmask 255.255.255.128 0 0

static (inside,dmz:2) DNS-ECC DNS-ECC netmask 255.255.255.255 0 0

static (inside,outside) mail-89 mail-89 netmask 255.255.255.255 0 0

static (inside,outside) websrv websrv netmask 255.255.255.255 0 0

static (inside,outside) DNS-ECC DNS-ECC netmask 255.255.255.255 0 0

static (inside,dmz:2) 204.142.89.0 204.142.89.0 netmask 255.255.255.0 0 0

static (inside,outside) webcam1 webcam1 netmask 255.255.255.255 0 0

static (inside,outside) 204.142.80.12 204.142.80.12 netmask 255.255.255.255 0 0

static (inside,outside) saturn saturn netmask 255.255.255.255 0 0

static (inside,outside) 204.142.253.191 204.142.253.191 netmask 255.255.255.255 0 0

static (statefailover,outside) 192.231.232.224 192.231.232.224 netmask 255.255.2

55.224 0 0

static (inside,outside) elecktra2 elecktra2 netmask 255.255.255.255 0 0

static (dmz:2,outside) elecktra elecktra netmask 255.255.255.255 0 0

static (inside,dmz:2) elecktra elecktra netmask 255.255.255.255 0 0

static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0

static (inside,outside) mobileman mobileman netmask 255.255.255.255 0 0

static (inside,outside) posadmin posadmin netmask 255.255.255.255 0 0

static (inside,outside) 204.142.89.227 204.142.89.227 netmask 255.255.255.255 0 0

static (inside,outside) 204.142.253.227 204.142.253.227 netmask 255.255.255.255 0 0

static (inside,outside) seddiki seddiki netmask 255.255.255.255 0 0

static (inside,outside) 204.142.80.40 204.142.80.40 netmask 255.255.255.255 0 0

static (inside,outside) 204.142.253.55 192.231.232.136 netmask 255.255.255.255 0 0

static (inside,outside) 192.231.232.136 204.142.253.55 netmask 255.255.255.255 0 0

New Member

Re: Can pin but cant be pinged!

Try this, run a tracert to 204.142.253.65 from inside your network. This will tell you were on the network your route is failing. From the router's prompt run this command, sh ip route 204.142.253.65 .. If the router does not have this network in it's table you will need to put a static route of ip route 204.142.253.0 255.255.255.255 NextHopAdd...

New Member

Re: Can pin but cant be pinged!

I telnet into the Router 204.142.253.254 from my machine i.e. 204.142.253.65 and execute the commands as suggested by you.

Router-89-253#sh ip route 204.142.253.65

Routing entry for 204.142.253.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)

Routing Descriptor Blocks:

* directly connected, via Vlan253

Route metric is 0, traffic share count is 1

Router-89-253#ping 204.142.253.65

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 204.142.253.65, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Router-89-253#

Router-89-253#traceroute 204.142.253.65

Type escape sequence to abort.

Tracing the route to 204.142.253.65

1 * * *

2 * * *

3 * * *

4 * * *

5 * * *

Appreciate your time and help.

New Member

Re: Can pin but cant be pinged!

Do you have VPN client on this PC? It may be using a firewall. In my VPN client I have a INI file with the following entry:

StatefulFirewall=0

Could your's be set to 1?

New Member

Re: Can pin but cant be pinged!

BINGO! it's such a relief being pinged. anyways what's the logic behind this. And also, FYI i unchecked the 'stateful firewall' from the options screen instead of digging for the .inf file.

Thanks a lot!!

New Member

Re: Can pin but cant be pinged!

If it is WIN XP you might have the firewall turned on

Re: Can pin but cant be pinged!

Lots of time, I have run into issues, like you can ping from the PC out, but cannot ping the PC from any of the other devices. I had my Win XP firewall ON on the LAN adapter, and it was blocking all pings inbound. So make sure if you have any of these firewall settings on, and if yes, turn it on, or allow inbound pings on the PC.

194
Views
0
Helpful
10
Replies
CreatePlease login to create content