leblanc
asked on
can only ping one way
I have a simple setup (see below) and I can only ping from siteA to siteB and not vice versa. Any thoughts will be greatly appreciated.
chaau
Can you check that ICMP protocol is not disabled on SiteA
ASKER
siteB can see the Internet router via CDP. NOt sure how to check if icmp is diable on siteA. But SiteB cannot even ping the Internet router. I am using GNS3 as my lab test.
siteB config (very basic):
siteB config (very basic):
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname siteB
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 20.20.20.1 255.255.255.252 secondary
ip address 30.30.30.1 255.255.255.240
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 20.20.20.2
!
!
no ip http server
no ip http secure-server
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
endASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is just a lab so I have 3 routers with nothing on it, just the IP addresses for the interfaces and the default route on siteA and siteB. I agree with you, if siteA can ping siteB then that means siteB has a route back to siteA. That is why I do not understand why siteB cannot ping siteA. I am pinging from router to router.
SiteB router cannot even ping fa0/1 of the Internet router.
Could it be a bug from my GNS3? I am not sure because I rebuilt my lab several times already.
SiteB router cannot even ping fa0/1 of the Internet router.
Could it be a bug from my GNS3? I am not sure because I rebuilt my lab several times already.
Post the configs of the three routers please.
ASKER
The Internet router:
SiteA router:
You can find ID: 40060669
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname internet
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
!
multilink bundle-name authenticated
ip tcp synwait-time 5
!
!
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.240
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 20.20.20.2 255.255.255.252
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
control-plane
!!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
endSiteA router:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SiteA
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.240
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10.10.2
!
!
no ip http server
no ip http secure-server
!
!!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
endYou can find ID: 40060669
There's nothing in the configs that would cause this. Emulators and simulators sometimes don't behave as expected.
You could try making the 20.20.20.1 address on Site B the only address on that interface.
You could try making the 20.20.20.1 address on Site B the only address on that interface.
ASKER
Yes. That will work. But I was trying to duplicate a production environment and it has a secondary IP address on fa0/0 on siteB. I need to look into more detail. Thx
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Check the computer you are trying to ping.
Access the firewall (firewall.cpl)
Access "Allow a program or feature through windows firewall"
Check if "file and printer sharing" is enabled.
If you can ping from one side, then icmp traffic is not blocked any where.
Access the firewall (firewall.cpl)
Access "Allow a program or feature through windows firewall"
Check if "file and printer sharing" is enabled.
If you can ping from one side, then icmp traffic is not blocked any where.
This is ping is router-to-router. There is no PC.
my guess would be that pings are emitted from 30.30.30.1 address and neither of the other routers have a route to this address. if that is correct you should be able to sniff/trace the pings (echo but not reply) on the other routers.
you shold also be able to get the pings to work by specifying the secondary address as the source address of the pings
you shold also be able to get the pings to work by specifying the secondary address as the source address of the pings
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
on the internet router
ip route 30.30.30.1 255.255.255.240 20.20.20.1
my previous post was wrong : siteA has a default gateway which is good enough
ip route 30.30.30.1 255.255.255.240 20.20.20.1
my previous post was wrong : siteA has a default gateway which is good enough