Hi All, I am having a weird issue with my Cisco 7200 router. From the router i am able to ping and reach out to the internet but from the client i am able to reach out to the internet but unable to ping I am not sure where is the issue but when i traceroute to it my packets are dropped at my routers interface. All my pings from the client time out. I checked the Access list to make sure ICMP is not blocked. Following is my running conf
ip audit notify log ip audit po max-events 100 ip ssh break-string ~ ipv6 unicast-routing no ftp-server write-enable ! no scripting tcl init no scripting tcl encdir
! no voice hpi capture buffer no voice hpi capture destination
! interface Loopback0 description *** abc *** ip address 192.168.2.2 255.255.255.255 ! interface FastEthernet0/0 description * Connection to officeswitch * ip address 10.0.2.1 255.255.255.240 duplex full speed 100
ipv6 rip abc enable no ipv6 mfib fast ! interface FastEthernet0/1 description * ISP1 * ip address 172.16.17.2 255.255.255.248 ip access-group ISP1-IN in ip access-group ISP1-OUT out ip route-cache flow duplex full speed auto ! interface Serial3/0 description * ISP2 * ip address 10.23.21.2 255.255.255.252 ip access-group Verio-IN in ip access-group Verio-OUT out ip route-cache flow serial restart-delay 0 ! interface Serial3/1 no ip address shutdown serial restart-delay 0 ! interface Serial3/2 no ip address shutdown serial restart-delay 0 ! interface Serial3/3 no ip address shutdown serial restart-delay 0 ! router ospf 00000 log-adjacency-changes network 192.168.0.0 0.0.31.255 area 0 default-information originate ! router bgp 00000 no synchronization bgp log-neighbor-changes network 192.168.0.0.0 mask 255.255.224.0 aggregate-address 192.168.0.0 255.255.224.0 summary-only no auto-summary ! ip classless ip flow-export source Loopback0 ip flow-export version 5 ip flow-aggregation cache protocol-port enabled ! ip flow-aggregation cache prefix enabled ! no ip http server no ip http secure-server ! ip as-path access-list 5 permit ^$ ip as-path access-list 5 deny .* ip as-path access-list 10 permit ^$ ip as-path access-list 20 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000 ip as-path access-list 30 permit ^00000 ! ! ip access-list standard Access permit 192.168.0.0 0.0.31.255 deny any log ! ip access-list extended ISP1-IN permit tcp host 192.168.1.2 any eq www log permit icmp any any log deny ip 10.0.0.0 0.255.255.255 any log deny tcp any any eq ftp log deny tcp any any eq smtp log deny tcp any any eq 443 log deny ip 192.168.0.0 0.0.255.255 any log permit ip any any
ip access-list extended ISP1-OUT permit icmp any any log permit ip any any
ip access-list extended ISP2-IN permit icmp any any log deny ip 10.0.0.0 0.255.255.255 any log deny tcp any any eq ftp log deny tcp any any eq smtp log deny tcp any any eq 443 deny ip 192.168.0.0 0.0.255.255 any log permit ip any any
ip access-list extended ISP2-OUT permit ip any any permit icmp any any
logging trap debugging logging source-interface Loopback0 snmp-server community apricot RO 1 snmp-server trap-source Loopback0 snmp-server location 101 S Ellsworth Ave Suite 350 snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps config snmp-server enable traps envmon fan shutdown supply temperature snmp-server enable traps bgp redistribute static ! ! route-map ISP1PATH permit 5 match as-path 30 ! route-map ISP1PATH permit 10 match as-path 20 set as-path prepend 00000 ! route-map SETPATH permit 10 match as-path 10 set as-path prepend 00001 !
I will appreciate any input to help me solve this problem.
This conversation is currently closed to new comments.
Try reposting this in the 'Q&A' forum. The 'Discussion' forum is for matters of general discussion, not specific problems in search of a solution. The 'Water Cooler' is for non-technical discussions. You can submit a question to 'Q&A' here:
There are TR members who specifically seek out problems in need of a solution. Although there is some overlap between the forums, you'll find more of those members in 'Q&A' than in 'Discussions' or 'Water Cooler'.
Be sure to use the voting buttons to provide your feedback. Voting a '+' does not necessarily mean that a given response contained the complete solution to your problem, but that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours. If they have a ready source of reference available, perhaps won't need to repeat questions previously asked and answered. If a post did contain the solution to your problem, you can also close the question by marking the helpful post as "The Answer". .
Collapse -
This should be over in the Q&A not discussions, but
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Can ping from router but unable to ping from client machines
I am having a weird issue with my Cisco 7200 router. From the router i am able to ping and reach out to the internet but from the client i am able to reach out to the internet but unable to ping I am not sure where is the issue but when i traceroute to it my packets are dropped at my routers interface. All my pings from the client time out. I checked the Access list to make sure ICMP is not blocked.
Following is my running conf
ip audit notify log
ip audit po max-events 100
ip ssh break-string ~
ipv6 unicast-routing
no ftp-server write-enable
!
no scripting tcl init
no scripting tcl encdir
!
no voice hpi capture buffer
no voice hpi capture destination
!
interface Loopback0
description *** abc ***
ip address 192.168.2.2 255.255.255.255
!
interface FastEthernet0/0
description * Connection to officeswitch *
ip address 10.0.2.1 255.255.255.240
duplex full
speed 100
ipv6 rip abc enable
no ipv6 mfib fast
!
interface FastEthernet0/1
description * ISP1 *
ip address 172.16.17.2 255.255.255.248
ip access-group ISP1-IN in
ip access-group ISP1-OUT out
ip route-cache flow
duplex full
speed auto
!
interface Serial3/0
description * ISP2 *
ip address 10.23.21.2 255.255.255.252
ip access-group Verio-IN in
ip access-group Verio-OUT out
ip route-cache flow
serial restart-delay 0
!
interface Serial3/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial3/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 00000
log-adjacency-changes
network 192.168.0.0 0.0.31.255 area 0
default-information originate
!
router bgp 00000
no synchronization
bgp log-neighbor-changes
network 192.168.0.0.0 mask 255.255.224.0
aggregate-address 192.168.0.0 255.255.224.0 summary-only
no auto-summary
!
ip classless
ip flow-export source Loopback0
ip flow-export version 5
ip flow-aggregation cache protocol-port
enabled
!
ip flow-aggregation cache prefix
enabled
!
no ip http server
no ip http secure-server
!
ip as-path access-list 5 permit ^$
ip as-path access-list 5 deny .*
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
ip as-path access-list 30 permit ^00000
!
!
ip access-list standard Access
permit 192.168.0.0 0.0.31.255
deny any log
!
ip access-list extended ISP1-IN
permit tcp host 192.168.1.2 any eq www log
permit icmp any any log
deny ip 10.0.0.0 0.255.255.255 any log
deny tcp any any eq ftp log
deny tcp any any eq smtp log
deny tcp any any eq 443 log
deny ip 192.168.0.0 0.0.255.255 any log
permit ip any any
ip access-list extended ISP1-OUT
permit icmp any any log
permit ip any any
ip access-list extended ISP2-IN
permit icmp any any log
deny ip 10.0.0.0 0.255.255.255 any log
deny tcp any any eq ftp log
deny tcp any any eq smtp log
deny tcp any any eq 443
deny ip 192.168.0.0 0.0.255.255 any log
permit ip any any
ip access-list extended ISP2-OUT
permit ip any any
permit icmp any any
logging trap debugging
logging source-interface Loopback0
snmp-server community apricot RO 1
snmp-server trap-source Loopback0
snmp-server location 101 S Ellsworth Ave Suite 350
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps bgp
redistribute static
!
!
route-map ISP1PATH permit 5
match as-path 30
!
route-map ISP1PATH permit 10
match as-path 20
set as-path prepend 00000
!
route-map SETPATH permit 10
match as-path 10
set as-path prepend 00001
!
I will appreciate any input to help me solve this problem.