Issue pinging a router from outside LAN

ajmatson

Ok I am having and issue that is tearing my hair out. I have my 1841 router setup with a static IP from a block issues by my DSL provider. I can ping the IP address from within my LAN however; if I ping it from outside my LAN while at work it times out.

I assigned the IP to a server on the LAN and I was able to ping it successully but once I re-assign it to the Fast Ethernet interface on the 1841 router I cannot ping it again.

I am trying to set it up so I can SSH to it from work but nothing is working. Am I missing something? I have attached my SH RUN from the router if needed.

sh_run.txt

notgoing2fail

Does your ISP allow you to use another device?

When you use the 1841 as your main router, can you access the internet from your LAN?

ajmatson

notgoing2fail wrote: »

Does your ISP allow you to use another device?

When you use the 1841 as your main router, can you access the internet from your LAN?

I'm sorry I should have clarified it a bit better. I have an Actiontec PK5000 DSL modem that runs my ISP connection. The C1841 is directly connected to one of the four ports on the DSL modem. I have a block of static IP's from the ISP which I have on my servers behind the DSL modem which are also connected to the ports on the modem.

I can ping any of the static ip's that are connected to the servers however; if I ping the one assigned to the 1841 it fails. I assigned the same IP to a server interface and it pinged successfully but once I re-assign it to the Fa port on the router it fails again.

notgoing2fail

Oh I see....


I assume this IP is pointing to your ISP's gateway?
Is is the same IP that your servers use?


ip route 0.0.0.0 0.0.0.0 63.228..

ajmatson

notgoing2fail wrote: »

Oh I see....


I assume this IP is pointing to your ISP's gateway?
Is is the same IP that your servers use?


ip route 0.0.0.0 0.0.0.0 63.228..

Ahh you helped me figure it out. My default gateway was incorrect. I could ping my router but not out so I fixed it and now I can ping both out and in. Never though that would stop me from being able to ping in to the router

Thx for the help.

notgoing2fail

ajmatson wrote: »

Ahh you helped me figure it out. My default gateway was incorrect. I could ping my router but not out so I fixed it and now I can ping both out and in. Never though that would stop me from being able to ping in to the router

Thx for the help.

No problem, that gateway issue gets me every time so it's always the first thing I look at.....

alan2308

ajmatson wrote: »

Ahh you helped me figure it out. My default gateway was incorrect. I could ping my router but not out so I fixed it and now I can ping both out and in. Never though that would stop me from being able to ping in to the router

Thx for the help.

Well, technically you were able to ping in to the router, the router just wasn't able to send the ping reply back.

This brings back bad memories of some of the labs in CNA semester 2 where we could ping everything except for the "ISP" router. As notgoing2fail was saying, after you've seen it enough times its real obvious. Until then, its just a major WTF?!? moment.

notgoing2fail

alan2308 wrote: »

Well, technically you were able to ping in to the router, the router just wasn't able to send the ping reply back.

True indeed. It would be pretty cool if there was a function on the router that you can see it saying, "Ping received, sending back response."

Maybe there's a debug icmp command? Then you can mess around with putting in bad gateways just to prove that pings are trying to get back to you but via bad route...

ajmatson

Yea I followed the ARP debug and noticed it was sending it to the incorrect ip (i used the reserved network ip instead of the gateway ip by accident) gotta love the debug commands. Now I can SSH and SDM into the router from work instead of having to console in from my PCs.

alan2308

notgoing2fail wrote: »

True indeed. It would be pretty cool if there was a function on the router that you can see it saying, "Ping received, sending back response."

Maybe there's a debug icmp command? Then you can mess around with putting in bad gateways just to prove that pings are trying to get back to you but via bad route...

I had to fire up a router and try it. The command is "debug ip icmp" and you'll get the following output for each ping:

00:03:52: ICMP: echo reply sent, src 192.168.1.9, dst 192.168.1.100

192.168.1.9 is the router receiving the pings, and 192.168.1.100 is the PC sending the pings. I don't see anything showing the ping request coming in, just the ping replies going back out. This is on a 2514 running IOS 12.1(27b). And yes, I know I really need to upgrade this one.

chmorin

ajmatson wrote: »

Ahh you helped me figure it out. My default gateway was incorrect. I could ping my router but not out so I fixed it and now I can ping both out and in. Never though that would stop me from being able to ping in to the router

Thx for the help.

Ping packets are based on a reply time, so if you get no reply the ping will fail. This happens when the receiving end does not have a route back to the start.

notgoing2fail

alan2308 wrote: »

I had to fire up a router and try it. The command is "debug ip icmp" and you'll get the following output for each ping:

00:03:52: ICMP: echo reply sent, src 192.168.1.9, dst 192.168.1.100

192.168.1.9 is the router receiving the pings, and 192.168.1.100 is the PC sending the pings. I don't see anything showing the ping request coming in, just the ping replies going back out. This is on a 2514 running IOS 12.1(27b). And yes, I know I really need to upgrade this one.

Thanks, just tested it out myself. Got the same response.

When you ping out, it also gives you the same info but this time for receiving a response from your outgoing pings...

It would be nice if it could include the outgoing gateway IP address if it's on a different subnet....