RE: why can't ping its own interface it is up ???-configattached !!

Thu, 01 Feb 2001 21:17:55 -0800 

hi dear all,

I should say sorry to you all, as I was trying to hide the real address,
from 192.168.3.1 to 100.200.3.1.  Below are the full config.. Pls help me to
find out what is the problem Thank you very very much

RBFW2514#sh conf
Using 2790 out of 32762 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RBFW2514
!
enable secret 5 $1$i8gB$psKZMoYyK9t2DRTQel4401
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw smtp
ip inspect name fw ftp
!
!
process-max-time 200
!
interface Ethernet0
 description Interface facing Financial Service Provider
 ip address 192.168.3.1 255.255.255.0
 ip access-group 100 in
 no ip directed-broadcast
 ip nat outside
!
interface Ethernet1
 description Interface facing Rabobank (Trusted) network
 ip address 58.199.165.240 255.255.252.0
 no ip directed-broadcast
 ip nat inside
 ip inspect fw in
 ip route-cache flow
!
interface Serial0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
ip nat pool rabo 192.168.3.101 192.168.3.200 netmask 255.255.255.0
ip nat pool rabo1 192.168.3.201 192.168.3.240 netmask 255.255.255.0
ip nat pool rabo2 192.168.3.101 192.168.3.240 netmask 255.255.255.0
ip nat inside source list 1 pool rabo2
ip nat inside source list 2 pool rabo1
ip classless
ip route 172.16.0.0 255.255.0.0 192.168.3.31
ip route 192.168.3.0 255.255.255.0 10.168.3.2
ip route 199.105.176.0 255.255.248.0 192.168.3.21
ip route 199.105.184.0 255.255.254.0 192.168.3.21
ip route 205.183.246.0 255.255.255.0 192.168.3.21
ip route 208.134.161.0 255.255.255.0 192.168.3.21
no ip http server
!
logging trap debugging
logging facility local2
logging 58.199.167.22
access-list 1 permit any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any eq www any
access-list 100 permit tcp any any eq 5100
access-list 100 permit tcp any eq 5100 any
access-list 100 permit tcp any any eq 60101
access-list 100 permit tcp any eq 60101 any
access-list 100 permit tcp any any eq 7091
access-list 100 permit tcp any eq 7091 any
access-list 100 permit udp any any eq 7091
access-list 100 permit udp any eq 7091 any
access-list 100 permit udp any any eq domain
access-list 100 permit udp any eq domain any
access-list 100 permit tcp any eq 3000 any
access-list 100 permit udp any eq 3000 any
access-list 100 permit tcp any any eq 3000
access-list 100 permit udp any any eq 3000
access-list 100 permit tcp any any eq 4040
access-list 100 permit tcp any any eq 6080
access-list 100 permit tcp any any range 8194 8294
access-list 100 permit udp any any range 48129 48192 log
access-list 100 permit udp any eq 6080 any
access-list 100 permit udp any eq 4040 any
snmp-server engineID local 00000009020000107B8102E6
snmp-server community public RO
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password XXX
 login
 length 0
!
end

-----Original Message-----
From: Erick B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 12:49 PM
To: Sim, CT (Chee Tong); [EMAIL PROTECTED]
Subject: Re: why can't ping its own interface it is up ????


Since your pinging from the same router that this IP
resides on the access-list doesn't come into play.
Traffic flowing through that interface will be looked
at against the access-list but not traffic sourced
from the router, unless you set up a local policy
route.

If you have a static route routing traffic destined to
100.200.3.0 to 192.168.3.1 this will cause what your
seeing and NAT could effect it as well.

Hows the NAT configured and what are you permitting to
be NAT'd? If your permitting 100.200.3.x and your
outside NAT pool is 192.168.3.x then this could be the
problem as well.

Need to know more about the config.

--- "Sim, CT (Chee Tong)"
<[EMAIL PROTECTED]> wrote:
> Dear all,
> 
> I really don't understand, I have the router
> interface which is up up
> status, but I can't even ping it? What could be the
> reasons?? is that
> because of access-list?? Pls tell me!!
> 
> interface Ethernet0
>  description Interface facing Financial Service
> Provider
>  ip address 100.200.3.1 255.255.255.0
>  ip access-group 100 in
>  no ip directed-broadcast
>  ip nat outside  
> 
> RBFW2514#sh int e0
> Ethernet0 is up, line protocol is up
>   Hardware is Lance, address is 0010.7b81.02e6 (bia
> 0010.7b81.02e6)
>   Description: Interface facing Financial Service
> Provider
>   Internet address is 100.200.3.1/24
>   MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
>      reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation ARPA, loopback not set
>   Keepalive set (10 sec)
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Last input 00:00:00, output 00:00:00, output hang
> never
>   Last clearing of "show interface" counters never
>   Queueing strategy: fifo
>   Output queue 0/40, 0 drops; input queue 0/75, 0
> drops
>   5 minute input rate 45000 bits/sec, 21 packets/sec
>   5 minute output rate 8000 bits/sec, 16 packets/sec
>      161686946 packets input, 2454329523 bytes, 0 no
> buffer
>      Received 1076750 broadcasts, 0 runts, 0 giants,
> 0 throttles
>      181 input errors, 0 CRC, 0 frame, 0 overrun,
> 181 ignored
>      0 input packets with dribble condition detected
>      129416824 packets output, 3918760326 bytes, 0
> underruns
>      0 output errors, 296169 collisions, 1 interface
> resets
>      0 babbles, 0 late collision, 478162 deferred
>      0 lost carrier, 0 no carrier
>      0 output buffer failures, 0 output buffers
> swapped out
> RBFW2514#ping 100.200.3.1
> 
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 192.168.3.1,
> timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> RBFW2514#



__________________________________________________
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

==================================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==================================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==================================================================

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to