Can ping from inside, but not from outside

sdross
Level 1

I have a couple of routers that have public IPs and I can ping them from inside my network, but I cannot ping them from outside my network where I get internet connection. I have an IN access-list, but I am not blocking ICMP or echoes. Any ideas?

Accepted Solutions

forbesl
Level 1

Are you trying to ping your routers through the cloud? If so, there might be a node somewhere in the cloud that is blocking ICMP or echo requests. We ran into the same thing here. Our service provider recently started blocking ICMP requests. Try doing a trace route and see where it stops.

8 Replies

paumercier
Level 1

If ICMP is not specifically permitted, the default action will drop the packets. Can you post your ACL? Just put in bogus IPs when you post.

It's fairly long and a lot of editing, but here is the bulk of it.

This is applied IN on the Internet side:

deny ip (our public space) any

deny ip (private addresses) any

deny ip (multicast and reserved space) any

deny ip host 255.255.255.255 any

deny tcp/udp any any eq (trojan ports)

deny udp any any eq snmp

deny udp any any eq 19

permit ip any any

add

permit icmp any any

ICMP is included in the last entry of the access-list because ip allows icmp too.

Did you try to unapply the acl from interfaces to test the reachability?

Let me know

Carlo

Please rate all helpful posts "The more you help the more you learn"

I can ping my routers that are connected through our own lines, however if I go out to ATT route server I cannot ping my edge or internal routers or any device off of them. I can trace out and in though.

Try to write "log" at the end of each line in the ACL, ping the device and then do show access-list... and see which line triggers. Might give you a clue.
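The counter check suggested in the reply above, as an added example that is not part of the original thread: it compares the match counters in two `show access-lists` captures, one taken before and one after the outside ping test, and lists the entries that were hit. The ACL number, addresses and counters in the sample output are constructed.

```python
import re

# Constructed sample: IOS "show access-lists" output before and after a ping
# test from outside. ACL number, addresses and counters are made up.
BEFORE = """Extended IP access list 110
    10 deny ip 10.0.0.0 0.255.255.255 any (4 matches)
    20 deny udp any any eq snmp
    30 permit ip any any (1520 matches)
"""
AFTER = BEFORE.replace("(1520 matches)", "(1525 matches)")

# One ACE line, e.g. "    30 permit ip any any (1520 matches)".
# Entries that were never hit are printed without a counter.
ACE_RE = re.compile(
    r"^\s+(\d+)\s+((?:permit|deny)\s.+?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
HEADER_RE = re.compile(r"^(?:Extended|Standard) IP access list (\S+)")

def parse_counters(output):
    """Return {(acl_name, seq): (rule_text, match_count)} from show output."""
    counters, acl = {}, None
    for line in output.splitlines():
        header = HEADER_RE.match(line)
        if header:
            acl = header.group(1)
            continue
        ace = ACE_RE.match(line)
        if ace and acl:
            seq, rule, hits = ace.groups()
            counters[(acl, int(seq))] = (rule.strip(), int(hits or 0))
    return counters

def entries_hit(before, after):
    """List (acl, seq, rule, delta) for every entry whose counter grew."""
    old, new = parse_counters(before), parse_counters(after)
    hits = []
    for key, (rule, count) in sorted(new.items()):
        delta = count - old.get(key, (rule, 0))[1]
        if delta > 0:
            hits.append((key[0], key[1], rule, delta))
    return hits

if __name__ == "__main__":
    for acl, seq, rule, delta in entries_hit(BEFORE, AFTER):
        print(f"ACL {acl} entry {seq} ({rule}): +{delta} matches")
```

Counters include all traffic crossing the interface, so compare captures taken close together. If no entry grows during the test, the echo requests never reached the ACL, which points to filtering upstream of the router.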

Thanks for all of the help. It was our provider that was blocking ICMP since the recent worm attacks and they forgot to remove it off of our interface.