Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...Thank you. It's already helped me greatly, and I enjoy just reading the inputs from the other members..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > Communications Rack > Networking > Cisco: Routers Forum

ICMP not working

thread557-1685988
Read More Threads Like This One
acollard83 (IS/IT--Management)
16 Jun 12 11:32
I am having difficulty getting ICMP to work correctly. I have an access list that allows icmp on the external interface yet no one can ping it. It is a NAT outside interface. Relevent configs are posted below.

interface GigabitEthernet6/14
description 500M Internet to ATT
ip address 12.250.X.X 255.255.255.252
ip access-group 105 in
ip nat outside
speed nonegotiate


ip nat inside source list 105 interface GigabitEthernet6/14 overload

access-list 105 permit ip any any
access-list 105 permit icmp any any echo
access-list 105 permit icmp any any echo-reply
mhdbadi (TechnicalUser)
23 Jun 12 2:33
Hmmm.. the only issue or reason behind this is the access list creation. The order or ACL lines is totally incorrect. It should work but just to make sure, change the configurations starting by deleting the current ACL and adding the lines as follows:

(config)#no access-list 105
(config)#access-list 105 permit icmp any any echo
(config)#access-list 105 permit icmp any any echo-reply
(config)#access-list 105 permit ip any any

if you want my opinion? just remove this ACL! lets assume that it allows ICMP Echo and Echo Reply, but "access-list 105 permit ip any any" is allowing everything else like there is no ACL.

I hope to get back with feedback if you tried it or another approach.

Regards,
Badi
baddos (MIS)
28 Jun 12 16:47
That access-list does do nothing, the very first line would permit every type of icmp packet as well as any other ip packet.

When you say that nobody can ping your 12.250.X.X/30 address, where are you trying to ping it from?
acollard83 (IS/IT--Management)
30 Jun 12 14:21
The access list was added because nobody can ping the IP. No one can ping from outside our network.
VinceWhirlwind (TechnicalUser)
1 Jul 12 19:34
Configure an IP address on your laptop that's in the external subnet of your ATT-facing router, unplug ATT from the router and replace it with your laptop. (probably need a crossover cable).
Can you ping it?
Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Cisco: Routers

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close