Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping with source interface

Hi everyone,

We have a IPSec tunnel to the head office. Our local address pool is 10.0.0.0/24. In the router, when I ping a remote server (ping 192.168.1.1) it doesn't work. But when I ping with the source interface (bvi1 = 10.0.0.1/24), it works: ping 192.168.1.1 source bvi1.

Could you please tell me the difference between the two commands? And why can't I ping in the normal way? If a computer is in the 10.0.0.0/24 subnet, can it ping the remote server?

Thank you,

Triet

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Ping with source interface

It all depends what is in your crypto access-list. So if your crypto access-list reads something like

access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255 ( Router version )

or

access-list vpntraffic permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 (Pix version )

then you need to generate the ping with a source IP address in the 10.0.0.x range. When you ping from the router without specifying the source interface the router will use it's outside interface. If the IP address of this outside interface is not in your crypto map access-list then it will not work.

Jon

2 REPLIES
Hall of Fame Super Blue

Re: Ping with source interface

It all depends what is in your crypto access-list. So if your crypto access-list reads something like

access-list 101 permit ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255 ( Router version )

or

access-list vpntraffic permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 (Pix version )

then you need to generate the ping with a source IP address in the 10.0.0.x range. When you ping from the router without specifying the source interface the router will use it's outside interface. If the IP address of this outside interface is not in your crypto map access-list then it will not work.

Jon

New Member

Re: Ping with source interface

Thank you Jon. That's very clear explanation.

Triet

817
Views
0
Helpful
2
Replies
CreatePlease to create content