I believe it's because your ICMP packets are being snagged by the implicit
"deny all" at the end of your access-list. Remove the access-list from the
ethernet interface, then attempt to ping it. It will probably work. If it
does, then you know that it's indeed your access-list that is prohibiting
you from pinging the ethernet interface.
-Chuck
----- Original Message -----
From: "Sim, CT (Chee Tong)" <[EMAIL PROTECTED]>
To: "'Erick B.'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "'Kevin
Wigle'" <[EMAIL PROTECTED]>; "'Curtis Call'" <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 12:25 AM
Subject: RE: why can't ping its own interface it is up ???-config attached
!!
> hi dear all,
>
> I should say sorry to you all, as I was trying to hide the real address,
> from 192.168.3.1 to 100.200.3.1. Below are the full config.. Pls help me
to
> find out what is the problem Thank you very very much
>
> RBFW2514#sh conf
> Using 2790 out of 32762 bytes
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname RBFW2514
> !
> enable secret 5 $1$i8gB$psKZMoYyK9t2DRTQel4401
> !
> !
> !
> !
> !
> ip subnet-zero
> no ip domain-lookup
> !
> ip inspect name fw tcp
> ip inspect name fw udp
> ip inspect name fw smtp
> ip inspect name fw ftp
> !
> !
> process-max-time 200
> !
> interface Ethernet0
> description Interface facing Financial Service Provider
> ip address 192.168.3.1 255.255.255.0
> ip access-group 100 in
> no ip directed-broadcast
> ip nat outside
> !
> interface Ethernet1
> description Interface facing Rabobank (Trusted) network
> ip address 58.199.165.240 255.255.252.0
> no ip directed-broadcast
> ip nat inside
> ip inspect fw in
> ip route-cache flow
> !
> interface Serial0
> ip unnumbered Ethernet0
> no ip directed-broadcast
> no ip mroute-cache
> shutdown
> no fair-queue
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> ip nat pool rabo 192.168.3.101 192.168.3.200 netmask 255.255.255.0
> ip nat pool rabo1 192.168.3.201 192.168.3.240 netmask 255.255.255.0
> ip nat pool rabo2 192.168.3.101 192.168.3.240 netmask 255.255.255.0
> ip nat inside source list 1 pool rabo2
> ip nat inside source list 2 pool rabo1
> ip classless
> ip route 172.16.0.0 255.255.0.0 192.168.3.31
> ip route 192.168.3.0 255.255.255.0 10.168.3.2
> ip route 199.105.176.0 255.255.248.0 192.168.3.21
> ip route 199.105.184.0 255.255.254.0 192.168.3.21
> ip route 205.183.246.0 255.255.255.0 192.168.3.21
> ip route 208.134.161.0 255.255.255.0 192.168.3.21
> no ip http server
> !
> logging trap debugging
> logging facility local2
> logging 58.199.167.22
> access-list 1 permit any
> access-list 100 permit tcp any any eq www
> access-list 100 permit tcp any eq www any
> access-list 100 permit tcp any any eq 5100
> access-list 100 permit tcp any eq 5100 any
> access-list 100 permit tcp any any eq 60101
> access-list 100 permit tcp any eq 60101 any
> access-list 100 permit tcp any any eq 7091
> access-list 100 permit tcp any eq 7091 any
> access-list 100 permit udp any any eq 7091
> access-list 100 permit udp any eq 7091 any
> access-list 100 permit udp any any eq domain
> access-list 100 permit udp any eq domain any
> access-list 100 permit tcp any eq 3000 any
> access-list 100 permit udp any eq 3000 any
> access-list 100 permit tcp any any eq 3000
> access-list 100 permit udp any any eq 3000
> access-list 100 permit tcp any any eq 4040
> access-list 100 permit tcp any any eq 6080
> access-list 100 permit tcp any any range 8194 8294
> access-list 100 permit udp any any range 48129 48192 log
> access-list 100 permit udp any eq 6080 any
> access-list 100 permit udp any eq 4040 any
> snmp-server engineID local 00000009020000107B8102E6
> snmp-server community public RO
> !
> line con 0
> transport input none
> line aux 0
> line vty 0 4
> password XXX
> login
> length 0
> !
> end
>
> -----Original Message-----
> From: Erick B. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 02, 2001 12:49 PM
> To: Sim, CT (Chee Tong); [EMAIL PROTECTED]
> Subject: Re: why can't ping its own interface it is up ????
>
>
> Since your pinging from the same router that this IP
> resides on the access-list doesn't come into play.
> Traffic flowing through that interface will be looked
> at against the access-list but not traffic sourced
> from the router, unless you set up a local policy
> route.
>
> If you have a static route routing traffic destined to
> 100.200.3.0 to 192.168.3.1 this will cause what your
> seeing and NAT could effect it as well.
>
> Hows the NAT configured and what are you permitting to
> be NAT'd? If your permitting 100.200.3.x and your
> outside NAT pool is 192.168.3.x then this could be the
> problem as well.
>
> Need to know more about the config.
>
> --- "Sim, CT (Chee Tong)"
> <[EMAIL PROTECTED]> wrote:
> > Dear all,
> >
> > I really don't understand, I have the router
> > interface which is up up
> > status, but I can't even ping it? What could be the
> > reasons?? is that
> > because of access-list?? Pls tell me!!
> >
> > interface Ethernet0
> > description Interface facing Financial Service
> > Provider
> > ip address 100.200.3.1 255.255.255.0
> > ip access-group 100 in
> > no ip directed-broadcast
> > ip nat outside
> >
> > RBFW2514#sh int e0
> > Ethernet0 is up, line protocol is up
> > Hardware is Lance, address is 0010.7b81.02e6 (bia
> > 0010.7b81.02e6)
> > Description: Interface facing Financial Service
> > Provider
> > Internet address is 100.200.3.1/24
> > MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
> > reliability 255/255, txload 1/255, rxload 1/255
> > Encapsulation ARPA, loopback not set
> > Keepalive set (10 sec)
> > ARP type: ARPA, ARP Timeout 04:00:00
> > Last input 00:00:00, output 00:00:00, output hang
> > never
> > Last clearing of "show interface" counters never
> > Queueing strategy: fifo
> > Output queue 0/40, 0 drops; input queue 0/75, 0
> > drops
> > 5 minute input rate 45000 bits/sec, 21 packets/sec
> > 5 minute output rate 8000 bits/sec, 16 packets/sec
> > 161686946 packets input, 2454329523 bytes, 0 no
> > buffer
> > Received 1076750 broadcasts, 0 runts, 0 giants,
> > 0 throttles
> > 181 input errors, 0 CRC, 0 frame, 0 overrun,
> > 181 ignored
> > 0 input packets with dribble condition detected
> > 129416824 packets output, 3918760326 bytes, 0
> > underruns
> > 0 output errors, 296169 collisions, 1 interface
> > resets
> > 0 babbles, 0 late collision, 478162 deferred
> > 0 lost carrier, 0 no carrier
> > 0 output buffer failures, 0 output buffers
> > swapped out
> > RBFW2514#ping 100.200.3.1
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 192.168.3.1,
> > timeout is 2 seconds:
> > .....
> > Success rate is 0 percent (0/5)
> > RBFW2514#
>
>
>
> __________________________________________________
> Get personalized email addresses from Yahoo! Mail - only $35
> a year! http://personal.mail.yahoo.com/
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ==================================================================
> De informatie opgenomen in dit bericht kan vertrouwelijk zijn en
> is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht
> onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en
> de afzender direct te informeren door het bericht te retourneren.
> ==================================================================
> The information contained in this message may be confidential
> and is intended to be exclusively for the addressee. Should you
> receive this message unintentionally, please do not use the contents
> herein and notify the sender immediately by return e-mail.
>
>
> ==================================================================
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]