Is there a need to maybe place a permit icmp any any command in this equation. -----Original Message----- From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] Sent: Friday, February 02, 2001 12:26 AM To: 'Erick B.'; [EMAIL PROTECTED]; 'Kevin Wigle'; 'Curtis Call' Subject: RE: why can't ping its own interface it is up ???-config attached !! hi dear all, I should say sorry to you all, as I was trying to hide the real address, from 192.168.3.1 to 100.200.3.1. Below are the full config.. Pls help me to find out what is the problem Thank you very very much RBFW2514#sh conf Using 2790 out of 32762 bytes ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname RBFW2514 ! enable secret 5 $1$i8gB$psKZMoYyK9t2DRTQel4401 ! ! ! ! ! ip subnet-zero no ip domain-lookup ! ip inspect name fw tcp ip inspect name fw udp ip inspect name fw smtp ip inspect name fw ftp ! ! process-max-time 200 ! interface Ethernet0 description Interface facing Financial Service Provider ip address 192.168.3.1 255.255.255.0 ip access-group 100 in no ip directed-broadcast ip nat outside ! interface Ethernet1 description Interface facing Rabobank (Trusted) network ip address 58.199.165.240 255.255.252.0 no ip directed-broadcast ip nat inside ip inspect fw in ip route-cache flow ! interface Serial0 ip unnumbered Ethernet0 no ip directed-broadcast no ip mroute-cache shutdown no fair-queue ! interface Serial1 no ip address no ip directed-broadcast shutdown ! ip nat pool rabo 192.168.3.101 192.168.3.200 netmask 255.255.255.0 ip nat pool rabo1 192.168.3.201 192.168.3.240 netmask 255.255.255.0 ip nat pool rabo2 192.168.3.101 192.168.3.240 netmask 255.255.255.0 ip nat inside source list 1 pool rabo2 ip nat inside source list 2 pool rabo1 ip classless ip route 172.16.0.0 255.255.0.0 192.168.3.31 ip route 192.168.3.0 255.255.255.0 10.168.3.2 ip route 199.105.176.0 255.255.248.0 192.168.3.21 ip route 199.105.184.0 255.255.254.0 192.168.3.21 ip route 205.183.246.0 255.255.255.0 192.168.3.21 ip route 208.134.161.0 255.255.255.0 192.168.3.21 no ip http server ! logging trap debugging logging facility local2 logging 58.199.167.22 access-list 1 permit any access-list 100 permit tcp any any eq www access-list 100 permit tcp any eq www any access-list 100 permit tcp any any eq 5100 access-list 100 permit tcp any eq 5100 any access-list 100 permit tcp any any eq 60101 access-list 100 permit tcp any eq 60101 any access-list 100 permit tcp any any eq 7091 access-list 100 permit tcp any eq 7091 any access-list 100 permit udp any any eq 7091 access-list 100 permit udp any eq 7091 any access-list 100 permit udp any any eq domain access-list 100 permit udp any eq domain any access-list 100 permit tcp any eq 3000 any access-list 100 permit udp any eq 3000 any access-list 100 permit tcp any any eq 3000 access-list 100 permit udp any any eq 3000 access-list 100 permit tcp any any eq 4040 access-list 100 permit tcp any any eq 6080 access-list 100 permit tcp any any range 8194 8294 access-list 100 permit udp any any range 48129 48192 log access-list 100 permit udp any eq 6080 any access-list 100 permit udp any eq 4040 any snmp-server engineID local 00000009020000107B8102E6 snmp-server community public RO ! line con 0 transport input none line aux 0 line vty 0 4 password XXX login length 0 ! end -----Original Message----- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Friday, February 02, 2001 12:49 PM To: Sim, CT (Chee Tong); [EMAIL PROTECTED] Subject: Re: why can't ping its own interface it is up ???? Since your pinging from the same router that this IP resides on the access-list doesn't come into play. Traffic flowing through that interface will be looked at against the access-list but not traffic sourced from the router, unless you set up a local policy route. If you have a static route routing traffic destined to 100.200.3.0 to 192.168.3.1 this will cause what your seeing and NAT could effect it as well. Hows the NAT configured and what are you permitting to be NAT'd? If your permitting 100.200.3.x and your outside NAT pool is 192.168.3.x then this could be the problem as well. Need to know more about the config. --- "Sim, CT (Chee Tong)" <[EMAIL PROTECTED]> wrote: > Dear all, > > I really don't understand, I have the router > interface which is up up > status, but I can't even ping it? What could be the > reasons?? is that > because of access-list?? Pls tell me!! > > interface Ethernet0 > description Interface facing Financial Service > Provider > ip address 100.200.3.1 255.255.255.0 > ip access-group 100 in > no ip directed-broadcast > ip nat outside > > RBFW2514#sh int e0 > Ethernet0 is up, line protocol is up > Hardware is Lance, address is 0010.7b81.02e6 (bia > 0010.7b81.02e6) > Description: Interface facing Financial Service > Provider > Internet address is 100.200.3.1/24 > MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, > reliability 255/255, txload 1/255, rxload 1/255 > Encapsulation ARPA, loopback not set > Keepalive set (10 sec) > ARP type: ARPA, ARP Timeout 04:00:00 > Last input 00:00:00, output 00:00:00, output hang > never > Last clearing of "show interface" counters never > Queueing strategy: fifo > Output queue 0/40, 0 drops; input queue 0/75, 0 > drops > 5 minute input rate 45000 bits/sec, 21 packets/sec > 5 minute output rate 8000 bits/sec, 16 packets/sec > 161686946 packets input, 2454329523 bytes, 0 no > buffer > Received 1076750 broadcasts, 0 runts, 0 giants, > 0 throttles > 181 input errors, 0 CRC, 0 frame, 0 overrun, > 181 ignored > 0 input packets with dribble condition detected > 129416824 packets output, 3918760326 bytes, 0 > underruns > 0 output errors, 296169 collisions, 1 interface > resets > 0 babbles, 0 late collision, 478162 deferred > 0 lost carrier, 0 no carrier > 0 output buffer failures, 0 output buffers > swapped out > RBFW2514#ping 100.200.3.1 > > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 192.168.3.1, > timeout is 2 seconds: > ..... > Success rate is 0 percent (0/5) > RBFW2514# __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] ================================================================== De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren. ================================================================== The information contained in this message may be confidential and is intended to be exclusively for the addressee. Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail. ================================================================== _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
