We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Can not ping one address.

KentDRuddick asked
Medium Priority
Last Modified: 2010-04-17

Other than this one address the router appears to work just perfect. I just can't seem to ping the address below. The device in front of this 3640, a pix can ping the address just fine so it has to be on this device or the pix. But why this one address and none others that I know about?

Can you help me correct the problem?


Can not ping!

Current configuration : 1441 bytes
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname AFE
boot system flash 122-24a.bin
logging buffered 4096 informational
enable secret
ip subnet-zero
ip name-server
call rsvp-sync
interface FastEthernet0/0
 ip address
 duplex auto
 speed auto
interface FastEthernet0/1
 ip address
 duplex auto
 speed auto
interface Ethernet1/0
 description Internal Network
 ip address
interface Ethernet1/1
 description Office Ethernet
 ip address
 no keepalive
ip classless
ip route
ip route FastEthernet0/0
ip route FastEthernet0/1
ip route
ip route
ip route Ethernet1/0
ip route Ethernet1/1
no ip http server
snmp-server engineID local 00000009020000B064C3A651
snmp-server community  RO
snmp-server enable traps tty
snmp-server enable traps envmon
snmp-server enable traps frame-relay
dial-peer cor custom
line con 0
line aux 0
line vty 0 4


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Watch Question

I assume this address is on the outside of the pix.  Can you ping any other addresses?


This address is on the outside of the PIX. This is the only address that I know of that I can not ping. I can reach the address from the pix but not this 3640. The route statements are very straight forward on the pix. I can not figure out why just this one address can not be pinged on this device. Other than this address I have no other issues with this device, everything works fine. I'm stumped.
Can you post the pix config?  Sounds like the issue is there.


I skewed the addresses of the servers for security.

Thanks for your help with this.

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password
hostname AFE
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
name kin
name exchange
name insidesharepoint
name tsgateway
name 206.169.17.xx nt01out
name 206.169.17.x kout
name 206.169.17.xx webout
name 206.169.17.x webmail
name 206.169.17.x outsidesharepoint
name 206.169.17.xx tsgatewayout
name jin
name 206.169.17.x jout
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
global (outside) 1 206.169.17.xx-206.169.17.xxx
global (outside) 1 206.169.17.xxx
nat (inside) 1 0 0
static (inside,outside) kout kin netmask 0 0
static (inside,outside) nt01out SMTPGW netmask 0 0
static (inside,outside) webmail exchange netmask 0 0
static (inside,outside) outsidesharepoint insidesharepoint netmask
55 0 0
static (inside,outside) jout jin netmask 0 0
static (inside,outside) tsgatewayout netmask 0 0
conduit permit tcp host kout eq 5500 any
conduit permit tcp host nt01out eq smtp any
conduit permit tcp host webmail eq https any
conduit permit tcp host outsidesharepoint eq www any
conduit permit tcp host tsgatewayout eq 62889 any
conduit permit tcp host jout eq 5500 any
conduit permit tcp host tsgatewayout eq 62888 any
conduit permit udp host webmail eq ntp host
route outside 1
route inside 1
route inside 1
route inside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 15
ssh timeout 5
console timeout 0
terminal width 80
I don't see any issues there.  Can you ping from the pix and from the 3640?


I can ping that address from the pix but not the 3640. I find that really strange.
Well, you don't have anything specifically allowing the icmp packet to come back in.  I'm kind of a hack when it comes to the pix, but try adding a line like...

permit icmp any any


add an acl that allow icmp inbound and apply it to the outside interface.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.