Why can't I ping anything or tracert anything past my gateway?

I can't ping anything or tracert anything past my router. I have a Dell 6024 Layer 3 router with 10 different VLAN's on it, and none of them can get past the VLAN Gateway. 10.10.200.2 is our PIX 515e and 10.10.200.1 is our Cisco VPN Concentrator. I can't seem to get to any of those on a tracert. But I can ping them fine within the network. Also, pinging any outside IP does not work either.


Here are some results:
H:\>tracert 4.2.2.2

Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.10.23.254
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

Trace complete.

H:\>ping google.com

Pinging google.com [74.125.225.19] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 74.125.225.19:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

H:\>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 4.2.2.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

H:\>ping 10.10.200.2

Pinging 10.10.200.2 with 32 bytes of data:
Reply from 10.10.200.2: bytes=32 time<1ms TTL=254
Reply from 10.10.200.2: bytes=32 time<1ms TTL=254
Reply from 10.10.200.2: bytes=32 time<1ms TTL=254
Reply from 10.10.200.2: bytes=32 time<1ms TTL=254

Ping statistics for 10.10.200.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

H:\>ping 10.10.200.1

Pinging 10.10.200.1 with 32 bytes of data:
Reply from 10.10.200.1: bytes=32 time<1ms TTL=127
Reply from 10.10.200.1: bytes=32 time<1ms TTL=127
Reply from 10.10.200.1: bytes=32 time<1ms TTL=127
Reply from 10.10.200.1: bytes=32 time<1ms TTL=127

Ping statistics for 10.10.200.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
EKRINAsked:
Who is Participating?
 
vguzmanConnect With a Mentor IT ManagerCommented:
make sure the Firewall (if it's on) is allowing ICMP Echo requests.
0
 
spiderwilk007Commented:
On the Dell 6024 you need to make sure your LAN to WAN settings are correct for each VLAN. You might need to specifically allow LAN to WAN services for each VLAN.
0
 
enachemcCommented:
your gateaway might forbid ping
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
EKRINAuthor Commented:
Well thanks, but not really sure how to accomplish that. I have internet access, so I know the wan is working, but other than that....I know WAN is VLAN4000 and I am on VLAN23 and not sure about much more...:)
0
 
EKRINAuthor Commented:
Firewall is on, but I don't see anything in it that is allowing ICMP Echo requests. But I can ping my firewall from outside the network no problems at all. Do I need a line in my pix like:
access-list 101 permit icmp any any echo-reply

0
 
EKRINAuthor Commented:
I was reading that exact same article when you sent that. :) Not sure if that applies though since the outside can already ping my PIX
0
 
IronmannenCommented:
In the link provided by vquzman you have two methods to send ping through the firewall; access-lists and inspect. You should use inspects since it adds a more secure method
0
 
vguzmanIT ManagerCommented:
In the section "Pings Outbound" it clearly says :
There are two options in PIX 7.x that allow inside users to ping hosts on the outside. The first option is to setup a specific rule for each type of echo message.

For example:

    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any source-quench
    access-list 101 permit icmp any any unreachable  
    access-list 101 permit icmp any any time-exceeded
    access-group 101 in interface outside

0
 
lonnieb7Commented:
Hello,
    Not sure there is enough information to really answer the question, but maybe I can get you started in the right direction.  Before going into topology questions, is ping and tracert the only issues you are having, for instance can you browse the internet?  If you can browse or otherwise reach the net, then your likely problem is your acl's in the pix.  You would need to allow incoming ICMP "echo-reply's" and "time-exceeded" and/or adjust your ICMP inspection policies.
0
 
John MeggersNetwork ArchitectCommented:
Do the devices you're pinging have a route back to the source of the pings?
0
 
spiderwilk007Commented:
Can you do a "show running config" on your cisco and give us the output?
0
 
spiderwilk007Commented:
Also on the Dell.
0
 
The--CaptainCommented:
There are three likely potential causes:

The networking equipment doesn't know how to deliver the packets to the destination (need NAT and/or appropriate route(s)?)

The networking equipment doesn't know how to return replies to the sender (need NAT and/or appropriate route(s)?)

The networking equipment is actively configured to block the packets, or their replies (need to adjust ACLs?)


Start with sniffers on both ends, and go from there.
0
 
EKRINAuthor Commented:
Firewall blocking ping and tracert
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.