Cisco Support Community

New Member

Unable to ping myself

I'm running a Cisco 1811 and getting my IP address from the CableModem (OOL).

The router is at 192.168.1.1 and also has its public IP from the CableModem.

From the router I can ping myself via 192.168.1.1, but I can't ping myself if I use my public IP, which is assigned via DHCP, I believe.

This is my ACL for FE0 in (CableModem):

access-list 101 permit udp any eq bootps any eq bootpc

access-list 101 deny ip 10.0.0.0 0.255.255.255 any

access-list 101 deny ip 172.16.0.0 0.15.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 192.168.1.0 0.0.0.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip host 255.255.255.255 any

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 permit tcp host x.x.x.x any

access-list 101 permit udp host x.x.251.5 eq domain any

access-list 101 permit tcp host x.x.251.5 eq domain any

access-list 101 permit udp host x.x.x.69 eq domain any

access-list 101 permit tcp host x.x.x.69 eq domain any

access-list 101 permit tcp any any eq 22

access-list 101 deny ip any any

I can't find the reason via debugs or logs, nothing shows up.

When I ping my Internet IP and then show the access-list (count), the last line (deny ip any any) increases by 5 (the pings). But I don't know why; I thought the ACL icmp lines above should allow that.

Why can't I ping from the router to myself (my Internet IP)?

What am I missing?

Thanks!

Matthew

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: Unable to ping myself

Hi Matthew,

Change your ACL so that it looks like this (you will have to remove it completely and re-add this):

access-list 101 permit udp any eq bootps any eq bootpc

access-list 101 deny ip 10.0.0.0 0.255.255.255 any

access-list 101 deny ip 172.16.0.0 0.15.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 192.168.1.0 0.0.0.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip host 255.255.255.255 any

access-list 101 permit icmp any any echo !!!! NEW LINE

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 permit tcp host x.x.x.x any

access-list 101 permit udp host x.x.251.5 eq domain any

access-list 101 permit tcp host x.x.251.5 eq domain any

access-list 101 permit udp host x.x.x.69 eq domain any

access-list 101 permit tcp host x.x.x.69 eq domain any

access-list 101 permit tcp any any eq 22

access-list 101 deny ip any any

You need to allow ICMP echoes in for you to be able to ping yourself.

Hope that helps - pls rate the post if it does.

Paresh
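
Added example, not part of the thread: a minimal Python model of top-down, first-match ACL evaluation, run over a subset of the ACL above (entries with redacted x.x.x.x hosts are omitted). It assumes the self-ping reaches the inbound ACL as an ICMP echo (type 8) sourced from the public address, with 203.0.113.10 as a constructed stand-in for that address. It also shows that the new line matches echo requests from any outside source, not only the router's own.

```python
import ipaddress

ICMP = {"echo": 8, "echo-reply": 0, "time-exceeded": 11, "unreachable": 3}
PORTS = {"bootps": 67, "bootpc": 68, "domain": 53}

def ip2int(a):
    return int(ipaddress.IPv4Address(a))

def addr(tok):  # "any" | "host A" | "A WILDCARD" -> (address, wildcard)
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (ip2int(tok.pop(0)), 0) if t == "host" else (ip2int(t), ip2int(tok.pop(0)))

def port(tok):  # optional "eq PORT" -> port number, or None if absent
    if tok[:1] == ["eq"]:
        _, name = tok.pop(0), tok.pop(0)
        return PORTS.get(name) or int(name)
    return None

def parse(line):
    tok = line.split()[2:]  # drop "access-list 101"
    e = {"line": line, "action": tok.pop(0), "proto": tok.pop(0)}
    e["src"], e["sport"] = addr(tok), port(tok)
    e["dst"], e["dport"] = addr(tok), port(tok)
    e["icmp"] = ICMP[tok[0]] if tok else None  # trailing ICMP type keyword
    return e

def hit(ip, spec):  # wildcard bits set to 1 are "don't care"
    return (ip2int(ip) | spec[1]) == (spec[0] | spec[1])

def first_match(acl, pkt):  # top-down, first match wins
    for e in map(parse, acl):
        if (e["proto"] in ("ip", pkt["proto"])
                and hit(pkt["src"], e["src"]) and hit(pkt["dst"], e["dst"])
                and all(e[k] in (None, pkt.get(k)) for k in ("sport", "dport", "icmp"))):
            return e["action"], e["line"]
    return "deny", "(implicit deny)"

# Subset of the thread's ACL 101 (entries with redacted x.x.x.x hosts omitted).
ORIGINAL = """access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit tcp any any eq 22
access-list 101 deny ip any any""".splitlines()
FIXED = ORIGINAL[:2] + ["access-list 101 permit icmp any any echo"] + ORIGINAL[2:]
# Constructed packets: 203.0.113.10 stands in for the DHCP-assigned public IP.
SELF_PING = {"proto": "icmp", "src": "203.0.113.10", "dst": "203.0.113.10", "icmp": 8}
OUTSIDE_PING = dict(SELF_PING, src="198.51.100.7")
```

Calling `first_match(ORIGINAL, SELF_PING)` returns the final `deny ip any any` entry, which is the counter the original post saw incrementing; with `FIXED`, both `SELF_PING` and `OUTSIDE_PING` match the new `echo` line.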

2 REPLIES
New Member

Re: Unable to ping myself

I should have researched echo and echo-reply more.

Thanks!!

Matthew
