Yes, I solved the problem. I have to enable ICMP to pass through so that I
can ping its own interface; however, I still have doubts about it, as I know the
access-list only affects the traffic passing through the router but not the
traffic initiated from the router. Anyway, thanks for your help.

Sim 

-----Original Message-----
From: Charles Ryan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 03, 2001 7:14 AM
To: Sim, CT (Chee Tong); 'Erick B.'; [EMAIL PROTECTED]; 'Kevin
Wigle'; 'Curtis Call'
Subject: Re: why can't ping its own interface it is up ???-config
attached !!


I believe it's because your ICMP packets are being snagged by the implicit
"deny all" at the end of your access-list. Remove the access-list from the
ethernet interface, then attempt to ping it. It will probably work. If it
does, then you know that it's indeed your access-list that is prohibiting
you from pinging the ethernet interface.

-Chuck
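
Chuck's diagnosis and Sim's fix, as an added example that is not part of the original thread: a first-match evaluator run over an excerpt of the access-list 100 entries from the config quoted below. The parser covers only the syntax that config uses, and the `permit icmp any any` line is an assumed form of the fix, since the thread does not show the entry Sim added.

```python
PORTS = {"www": 80, "domain": 53}  # IOS port keywords used in the thread's ACL

def port_spec(tok, i):
    """Parse optional 'eq N' / 'range A B' at tok[i]; return ((lo, hi), next_i)."""
    if i < len(tok) and tok[i] == "eq":
        p = int(PORTS.get(tok[i + 1], tok[i + 1]))
        return (p, p), i + 2
    if i < len(tok) and tok[i] == "range":
        return (int(tok[i + 1]), int(tok[i + 2])), i + 3
    return (0, 65535), i

def parse(line):
    """Parse '<action> <proto> any [ports] any [ports] [log]' into a rule dict."""
    tok = line.split()
    action, proto = tok[0], tok[1]
    assert tok[2] == "any"
    sport, i = port_spec(tok, 3)
    assert tok[i] == "any"
    dport, _ = port_spec(tok, i + 1)
    return {"action": action, "proto": proto, "sport": sport, "dport": dport}

def evaluate(acl_text, proto, sport=0, dport=0):
    """Return (action, matched_line); first match wins, else the implicit deny."""
    for line in acl_text.strip().splitlines():
        r = parse(line)
        if r["proto"] != proto:
            continue
        if proto == "icmp" or (r["sport"][0] <= sport <= r["sport"][1]
                               and r["dport"][0] <= dport <= r["dport"][1]):
            return r["action"], line.strip()
    return "deny", "implicit deny"

# Excerpt of access-list 100 from the config quoted in this thread; the full
# list likewise contains only tcp and udp entries.
ACL_100 = """
permit tcp any any eq www
permit tcp any eq www any
permit udp any any eq domain
permit udp any eq domain any
permit tcp any any range 8194 8294
permit udp any any range 48129 48192 log
"""

# Assumed form of the fix Sim describes ("enable ICMP to pass"); the thread
# does not show the exact line that was added.
ACL_100_FIXED = ACL_100 + "permit icmp any any\n"
```

Because no entry in the list names ICMP, an echo falls through every line to the implicit deny; with the added entry it matches and is permitted.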

----- Original Message -----
From: "Sim, CT (Chee Tong)" <[EMAIL PROTECTED]>
To: "'Erick B.'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "'Kevin
Wigle'" <[EMAIL PROTECTED]>; "'Curtis Call'" <[EMAIL PROTECTED]>
Sent: Friday, February 02, 2001 12:25 AM
Subject: RE: why can't ping its own interface it is up ???-config attached
!!


> Hi dear all,
>
> I should say sorry to you all, as I was trying to hide the real address,
> from 192.168.3.1 to 100.200.3.1. Below is the full config. Please help me to
> find out what the problem is. Thank you very, very much.
>
> RBFW2514#sh conf
> Using 2790 out of 32762 bytes
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname RBFW2514
> !
> enable secret 5 $1$i8gB$psKZMoYyK9t2DRTQel4401
> !
> !
> !
> !
> !
> ip subnet-zero
> no ip domain-lookup
> !
> ip inspect name fw tcp
> ip inspect name fw udp
> ip inspect name fw smtp
> ip inspect name fw ftp
> !
> !
> process-max-time 200
> !
> interface Ethernet0
>  description Interface facing Financial Service Provider
>  ip address 192.168.3.1 255.255.255.0
>  ip access-group 100 in
>  no ip directed-broadcast
>  ip nat outside
> !
> interface Ethernet1
>  description Interface facing Rabobank (Trusted) network
>  ip address 58.199.165.240 255.255.252.0
>  no ip directed-broadcast
>  ip nat inside
>  ip inspect fw in
>  ip route-cache flow
> !
> interface Serial0
>  ip unnumbered Ethernet0
>  no ip directed-broadcast
>  no ip mroute-cache
>  shutdown
>  no fair-queue
> !
> interface Serial1
>  no ip address
>  no ip directed-broadcast
>  shutdown
> !
> ip nat pool rabo 192.168.3.101 192.168.3.200 netmask 255.255.255.0
> ip nat pool rabo1 192.168.3.201 192.168.3.240 netmask 255.255.255.0
> ip nat pool rabo2 192.168.3.101 192.168.3.240 netmask 255.255.255.0
> ip nat inside source list 1 pool rabo2
> ip nat inside source list 2 pool rabo1
> ip classless
> ip route 172.16.0.0 255.255.0.0 192.168.3.31
> ip route 192.168.3.0 255.255.255.0 10.168.3.2
> ip route 199.105.176.0 255.255.248.0 192.168.3.21
> ip route 199.105.184.0 255.255.254.0 192.168.3.21
> ip route 205.183.246.0 255.255.255.0 192.168.3.21
> ip route 208.134.161.0 255.255.255.0 192.168.3.21
> no ip http server
> !
> logging trap debugging
> logging facility local2
> logging 58.199.167.22
> access-list 1 permit any
> access-list 100 permit tcp any any eq www
> access-list 100 permit tcp any eq www any
> access-list 100 permit tcp any any eq 5100
> access-list 100 permit tcp any eq 5100 any
> access-list 100 permit tcp any any eq 60101
> access-list 100 permit tcp any eq 60101 any
> access-list 100 permit tcp any any eq 7091
> access-list 100 permit tcp any eq 7091 any
> access-list 100 permit udp any any eq 7091
> access-list 100 permit udp any eq 7091 any
> access-list 100 permit udp any any eq domain
> access-list 100 permit udp any eq domain any
> access-list 100 permit tcp any eq 3000 any
> access-list 100 permit udp any eq 3000 any
> access-list 100 permit tcp any any eq 3000
> access-list 100 permit udp any any eq 3000
> access-list 100 permit tcp any any eq 4040
> access-list 100 permit tcp any any eq 6080
> access-list 100 permit tcp any any range 8194 8294
> access-list 100 permit udp any any range 48129 48192 log
> access-list 100 permit udp any eq 6080 any
> access-list 100 permit udp any eq 4040 any
> snmp-server engineID local 00000009020000107B8102E6
> snmp-server community public RO
> !
> line con 0
>  transport input none
> line aux 0
> line vty 0 4
>  password XXX
>  login
>  length 0
> !
> end
>
> -----Original Message-----
> From: Erick B. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 02, 2001 12:49 PM
> To: Sim, CT (Chee Tong); [EMAIL PROTECTED]
> Subject: Re: why can't ping its own interface it is up ????
>
>
> Since you're pinging from the same router that this IP
> resides on, the access-list doesn't come into play.
> Traffic flowing through that interface will be looked
> at against the access-list but not traffic sourced
> from the router, unless you set up a local policy
> route.
>
> If you have a static route routing traffic destined to
> 100.200.3.0 to 192.168.3.1 this will cause what you're
> seeing and NAT could affect it as well.
>
> How's the NAT configured and what are you permitting to
> be NAT'd? If you're permitting 100.200.3.x and your
> outside NAT pool is 192.168.3.x then this could be the
> problem as well.
>
> Need to know more about the config.
>
> --- "Sim, CT (Chee Tong)"
> <[EMAIL PROTECTED]> wrote:
> > Dear all,
> >
> > I really don't understand. I have a router interface
> > which is in up/up status, but I can't even ping it.
> > What could be the reasons? Is it because of the
> > access-list? Please tell me!
> >
> > interface Ethernet0
> >  description Interface facing Financial Service Provider
> >  ip address 100.200.3.1 255.255.255.0
> >  ip access-group 100 in
> >  no ip directed-broadcast
> >  ip nat outside
> >
> > RBFW2514#sh int e0
> > Ethernet0 is up, line protocol is up
> >   Hardware is Lance, address is 0010.7b81.02e6 (bia 0010.7b81.02e6)
> >   Description: Interface facing Financial Service Provider
> >   Internet address is 100.200.3.1/24
> >   MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
> >      reliability 255/255, txload 1/255, rxload 1/255
> >   Encapsulation ARPA, loopback not set
> >   Keepalive set (10 sec)
> >   ARP type: ARPA, ARP Timeout 04:00:00
> >   Last input 00:00:00, output 00:00:00, output hang never
> >   Last clearing of "show interface" counters never
> >   Queueing strategy: fifo
> >   Output queue 0/40, 0 drops; input queue 0/75, 0 drops
> >   5 minute input rate 45000 bits/sec, 21 packets/sec
> >   5 minute output rate 8000 bits/sec, 16 packets/sec
> >      161686946 packets input, 2454329523 bytes, 0 no buffer
> >      Received 1076750 broadcasts, 0 runts, 0 giants, 0 throttles
> >      181 input errors, 0 CRC, 0 frame, 0 overrun, 181 ignored
> >      0 input packets with dribble condition detected
> >      129416824 packets output, 3918760326 bytes, 0 underruns
> >      0 output errors, 296169 collisions, 1 interface resets
> >      0 babbles, 0 late collision, 478162 deferred
> >      0 lost carrier, 0 no carrier
> >      0 output buffer failures, 0 output buffers swapped out
> > RBFW2514#ping 100.200.3.1
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
> > .....
> > Success rate is 0 percent (0/5)
> > RBFW2514#
>
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ==================================================================
> The information contained in this message may be confidential
> and is intended to be exclusively for the addressee. Should you
> receive this message unintentionally, please do not use the contents
> herein and notify the sender immediately by return e-mail.
>
>
> ==================================================================