Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Juan Pablo Hidalgo Villacres
Juan Pablo Hidalgo Villacres
Community Member
‎02-08-2012 07:47 AM
‎02-08-2012 07:47 AM

Problem with ping to router LAN interface

Hi everybody,

I have one problem doing a ping to a router lan interface,

I have 3 routers (2801) connected between each other (separated 1 mile each), the link is established trough microwave signals (connected to the 2801 fast ethernet interfaces), every router has a connection to a LAN. One of them is located at headquarters.

Last thursday I replace one of the router with a cisco 2901, i configure the router with the same configuration that was on the 2801, i power up the router and the 2 link were up without problems.

One day after the noc called me to tell me that after i replace the router they can't ping the router IP lan interface on the new 2901 (before the replacement the ping was sucessful). I called one user the lan connected to that 2901, and they can do a ping to the router's LAN IP address.

I can ping the 2901 IP wan interfaces, I can ping the LAN users ip address, but i cannot ping the router LAN IP address, from my desktop, and neither the 2 routers 2801 connected to the 2901.

I show the configuration on the 2901, I couldn't change it because i didn't have time to do that, but i'll change the configuration to use ipsec tunnels.

The configuration as you can see, has a crypto map, but the acl used by the crypto map, only permits the interfaces ip address, so i think that doesn't work, so the traffic doesn't get encrypted, but i don't know if that is the problem why i can't do a ping to the lan interface.

incrypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp key 6 FgOYfLODWITGef`XfRghYLQaFgXShOEMf``SAAB address 10.10.10.2
!
!
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

!
crypto map SDM_CMAP_2 1 ipsec-isakmp
description Tunnel to10.10.10.2
set peer 10.10.10.2
set transform-set ESP-3DES-SHA1
match address 101
!
!
interface Tunnel1
ip address 10.0.0.9 255.255.255.252
ip mtu 1420
tunnel source GigabitEthernet0/1
tunnel destination 10.10.10.2
tunnel path-mtu-discovery
crypto map SDM_CMAP_2

interface GigabitEthernet0/0

ip address 172.16.20.200 255.255.255.192

description "Lan interface"

interface GigabitEthernet0/1
description HACIA GERENCIA GENERAL
ip address 10.10.10.1 255.255.255.248
duplex auto
speed auto
crypto map SDM_CMAP_2
!

access-list 101 remark SDM_ACL Category=4

access-list 101 permit gre host 10.10.10.1 host 10.10.10.2

router eigrp 100

network 10.0.0.4 0.0.0.3

network 10.0.0.8 0.0.0.3

network 10.10.10.0 0.0.0.7

network 172.16.20.192 0.0.0.63

network 172.168.16.0 0.0.0.7

The 10.10.10.2 router has the same configuration.

any ideas?.. I know this configuration has some errors, but i didn't configure it, and for now i could not change it.

regards,

Juan Pablo

0 Helpful
Reply
5 REPLIES
Dejan Puhar
Dejan Puhar Cisco Employee
Cisco Employee
‎02-08-2012 12:39 PM
‎02-08-2012 12:39 PM

Problem with ping to router LAN interface

Hi Juan,

did you try to ping from this router to any of the 2801 but specifying the local LAN interface as s source?

What about when you do a tracerout from 2801 to this LAN?

Maybe you have some ARP entry stuck on one of the devices with a wrong entry. I am not sure what you have in between

cheers

Dejan

0 Helpful
Reply
ahmad82pkn
ahmad82pkn
Community Member
‎02-08-2012 03:31 PM
‎02-08-2012 03:31 PM

Problem with ping to router LAN interface

Reboot the switch connecting to router LAN interface, clear arp-cache of system from which you are trying to Ping LAN interface, looks like ping on Layer 2 is still searching for MAC address of previous router LAN interface.

0 Helpful
Reply
ebarticel
ebarticel Bronze
Bronze
‎02-08-2012 03:51 PM
‎02-08-2012 03:51 PM

Problem with ping to router LAN interface

What about network traffic between sites? Is going thru, or failing same as the pings?

Eugen

0 Helpful
Reply
Juan Pablo Hidalgo Villacres
Juan Pablo Hidalgo Villacres
Community Member
‎02-08-2012 04:04 PM
‎02-08-2012 04:04 PM

Problem with ping to router LAN interface

Thanks for your replies,

About your questions and suggestions,

i can't do ping from lan/wan interface on the other router.

The sites are forwarding traffice between them, I can do a ping to a desktop on the lan interface (example: 172.16.20.196).

The deskptops connected to the router lan interface (172.16.20.200) are able to do ping to that IP address, so rebooting the switch is not going to solve the problem, the problem is from the wan side.

Let's say that the router with the problem is R3, so R1 and R2 are the other routers, if i do the traceroute from one desktop connected on the R1 lan, its stays on R1, (display his IP address) but that's it. The routes on the routing table are correct.

Inclusive i debug icmp on R3, but i got nothing, so i think maybe the problem it is an arp entry or acl in the microwave equipment, that are bridges/routers.

if you have another advice, i'll be apreciated.

Regards,

0 Helpful
Reply
ebarticel
ebarticel Bronze
Bronze
‎02-08-2012 04:54 PM
‎02-08-2012 04:54 PM

Problem with ping to router LAN interface

Maybe configure an acl to replay to pings on R3, R1, and R2 just for testing puposes.

Example for R3:

access-list 101 permit icmp 172.16.20.0 0.0.0.255 any echo replay

and apply it to WAN interface out

Hope this helps

Eugen

0 Helpful
Reply
Latest Documents
PFRv3 channel state questions
Created by Vasilii Mikhailovskii on 04-23-2018 05:06 AM
0
0
0
0
This document gives several answers on frequently asked questions for PFRv3 channel state behavior. Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st... view more
VPN and static NAT problem
Created by Jacopo Belcredi on 04-23-2018 04:07 AM
0
0
0
0
Symptoms The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921). The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN. I couldn't connect to the hos... view more
Cisco ESW-520-24P Switch Configuration
Created by Kevin DeMott on 04-19-2018 01:49 PM
0
0
0
0
We have 3 identical switches configured by someone else and would like to claim some of the Gigabit ports(G1/G2/G3/G4) for use on servers.  When we try to change the wiring and configuration, we run in to connectivity issues.  Attached is a des... view more
All Documents
1876
Views
0
Helpful
5
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
Glimpse of "EIGRP name mode configuration"
Created by ashirkar on 10-01-2013 02:06 AM
7
79
7
79
What happens, when router receives packet?
Created by ashirkar on 10-18-2012 03:19 AM
31
49
31
49
BLOG (No Title)
Created by Akula Jyoti Lakshmi on 08-09-2011 09:13 PM
15
43
15
43
All Blogs