Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
2
Replies

Weird routing issue regarding billmelater.com

Jeremy Gibbs
Level 1
Level 1

‎02-25-2014 05:56 PM - edited ‎03-04-2019 10:26 PM

Hello, have had this issue for a while I assume.  But in any case, we have a Cisco ASR 1002 on the edge that does our routing and NAT, behind that we have a Cisco ASA 5585-X and then our LAN. 

Trying ping 208.76.142.234 fails from my desktop behind the firewall, although I see the flow being created in the log for the ICMP packet.  I also see the NAT translation on the edge router happening using show ip nat trans | inc 208.76.142.234. 

I can however ping this IP from the edge router and the firewall. 

I am attaching a doc that explains it better.  You can also normally ping this IP from any other location, ex my cell phone.

Any ideas?

Labels:
Preview file
5 KB
0 Helpful
2 Replies 2

Vasilii Mikhailovskii
Level 7
Level 7

‎02-25-2014 11:37 PM

Hello, Jeremy.

I guess your ASA could have/miss ACL that blocked ICMP echo-reply back to LAN (inspect icmp could be one more way to fix the issue).

PS: it's a little strange that you run NAT on ASR and not ASA device.

0 Helpful

Jeremy Gibbs
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎02-27-2014 09:38 AM

Here is a packet cap from the ASR.  Looks like someone is dropping our traffic..

Screen Shot 2014-02-27 at 12.37.44 PM.png

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card