Cannot ping external ip addresses from my router cisco 2911
Hi there,
For some reason I cannot ping external IP addresses from my router cisco 2911. Any device behind my router 2911 is perfectly fine and can ping, its only the router which cannot. Need help in identifying where the fault is. I forgot if I used to ping external address from my router or not as the devices behind it have no issue, some change at the ISP end might have occurred. I have also contacted ISP according to them it is the internal issue.
Here is the sample of ping from this router:
EXternal pings:
**************************
MyRouter_2911#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
**************************
Internal pings from this router:
**************************
MyRouter_2911#ping 10.10.10.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
**************************
Show ver:
**************************
System image file is "flash:/c2900-universalk9-
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1440A28K
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
**************************
Show run is attached. Need help
showrunEEPURPOSEDtDec72017.TXT
For some reason I cannot ping external IP addresses from my router cisco 2911. Any device behind my router 2911 is perfectly fine and can ping, its only the router which cannot. Need help in identifying where the fault is. I forgot if I used to ping external address from my router or not as the devices behind it have no issue, some change at the ISP end might have occurred. I have also contacted ISP according to them it is the internal issue.
Here is the sample of ping from this router:
EXternal pings:
**************************
MyRouter_2911#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
**************************
Internal pings from this router:
**************************
MyRouter_2911#ping 10.10.10.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
**************************
Show ver:
**************************
System image file is "flash:/c2900-universalk9-
Last reload type: Normal Reload
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1440A28K
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
**************************
Show run is attached. Need help
showrunEEPURPOSEDtDec72017.TXT
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you forbid icmp completely you can cause problem with frame fragmentation. So, it would be recommended to enable icmp (at least some types of icmp messages and it would be recommendable to rate limit (police) number of icmp packets that have access to control plane.
ASKER
Thanks Predrag,
Really appreciate it.
Really appreciate it.
You're welcome.
ASKER
Excellent. I removed the access-list 101 and I was able to ping external IP addresses.
Now keeping in mind security of network, is it good/necessary for a router to ping every external address?
I appreciate your time looking into it.