aando
asked on
Unable to ping different subnet
Hello,
I am having a issue with a company that has three office locations, two of them are linked together via fiber with a vlan. The IP scheme is 10.0.0.0/24 for those two offices, but at their third office it is connected via microwave and is on a different subnet of 10.0.2.0/24. I am able to ping the internal IP of the router at the microwave site just fine, but when I try to ping the machines with the exception of one I am unsuccessful. Where the problem does not make any sense is I can ping one of the client machines within that network but not the other two. But I can also VNC to any of the machines in this microwave network.
There are routes in place, and have been in place for years and have worked fine. I have already added static routes to the server that I am attempting to ping from, and I am still unable to. I have spoken with the ISP and they said that there are no problems for what they can see. The topology on the microwave network is that when data is received it passes through a cisco router and then through a switch to the client machines. The client machines are able to ping the server they are trying to reach just fine, but from the server I am unsuccessful. Right now the prime suspect is the Cisco router at the remote location. Any ideas?
I am having a issue with a company that has three office locations, two of them are linked together via fiber with a vlan. The IP scheme is 10.0.0.0/24 for those two offices, but at their third office it is connected via microwave and is on a different subnet of 10.0.2.0/24. I am able to ping the internal IP of the router at the microwave site just fine, but when I try to ping the machines with the exception of one I am unsuccessful. Where the problem does not make any sense is I can ping one of the client machines within that network but not the other two. But I can also VNC to any of the machines in this microwave network.
There are routes in place, and have been in place for years and have worked fine. I have already added static routes to the server that I am attempting to ping from, and I am still unable to. I have spoken with the ISP and they said that there are no problems for what they can see. The topology on the microwave network is that when data is received it passes through a cisco router and then through a switch to the client machines. The client machines are able to ping the server they are trying to reach just fine, but from the server I am unsuccessful. Right now the prime suspect is the Cisco router at the remote location. Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try a traceroute and see where you're failing. Is anything filtering ICMP, on the router or the hosts?
Observation1: You can ping one of the computers (say C1) on the network (the one connected via microwave link) and not the other two (say C2 and C3).
Observation 2: The client computers (I assume the computers that could not be pinged from the server), can ping the the server.
Observation 3: You can VNC into all three computers
Please do the following tests:
1. Ping C2 or C3 from C1. Does it succeed? If not, it could be a firewall issue - the firewall may be blocking ICMP Echo Request packets incident on this port. If it succeeds, the problem could be with the router's VLAN configuration. Please ensure that all three computers are on the same VLAN.
2. Check the router, is broadcast blocked on ports that are connected with C2 and C3. It may help to use the same configuration as that for the port connected to C1
I hope it helps.
1. Do all three computers are part of the same VLAN
Observation 2: The client computers (I assume the computers that could not be pinged from the server), can ping the the server.
Observation 3: You can VNC into all three computers
Please do the following tests:
1. Ping C2 or C3 from C1. Does it succeed? If not, it could be a firewall issue - the firewall may be blocking ICMP Echo Request packets incident on this port. If it succeeds, the problem could be with the router's VLAN configuration. Please ensure that all three computers are on the same VLAN.
2. Check the router, is broadcast blocked on ports that are connected with C2 and C3. It may help to use the same configuration as that for the port connected to C1
I hope it helps.
1. Do all three computers are part of the same VLAN
>1. Ping C2 or C3 from C1. Does it succeed? If not, it could be a firewall issue - the firewall may be blocking ICMP Echo Request packets incident on this port. If it succeeds, the problem could be with the router's VLAN configuration. Please ensure that all three computers are on the same VLAN.
This is not necessarily true. Microsoft XP SP2 or better allows ICMP from the local subnet but NOT remote subnets. So if C2 or C3 respond to C1, it still does not eliminate the firewall.
Thus I go back to Occam's Razor "the simplest explanation is usually the best" or turn off the Windows firewall.
This is not necessarily true. Microsoft XP SP2 or better allows ICMP from the local subnet but NOT remote subnets. So if C2 or C3 respond to C1, it still does not eliminate the firewall.
Thus I go back to Occam's Razor "the simplest explanation is usually the best" or turn off the Windows firewall.
I don't use Windows Firewall.
I use Symantec's Norton 360. I had to add another computer as a trusted computer so that one could ping another.
I agree. Turning of firewall would eliminate one variable.
I use Symantec's Norton 360. I had to add another computer as a trusted computer so that one could ping another.
I agree. Turning of firewall would eliminate one variable.
ASKER
Windows firewall was blocking pings, figures it is the most simple thing.
Thanks for the points, but why the B? Answer was complete, accurate and 11 minutes after you asked...
RPPreacher,
Thanks for helping to isolate the problem - the Windows Firewall. I disagree with the completeness part - The answer isn't complete - the firewall has to be configured to allow ICMP pings. I'll appreciate if you could please post the steps for aando's benefit.
Thanks in advance.
Thanks for helping to isolate the problem - the Windows Firewall. I disagree with the completeness part - The answer isn't complete - the firewall has to be configured to allow ICMP pings. I'll appreciate if you could please post the steps for aando's benefit.
Thanks in advance.
Check your routes. If all else fails, from one of the non-responding machines, manually do a ROUTE ADD command and specify the correct router as the gateway.