cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
marvison
New Contributor

Having trouble pinging remote router.

We have a site that has an MPLS. Each site has a Netvanta 3430 which connects to the MPLS. We are adding some new subnets and I'm currently testing they can all talk with each other.

Right now I can ping from a server to a remote Adtran but not from the servers Adtran to the same remote Adtran.

A1 = Site 1's Adtran

A2 = Remote site Adtran

S1 = Site 1's Server

S2 = Remote site server

----> = ping

A1---->A2

Does not work

S1--->A2

Works

A2--->A1

Works

A2 is the only router with any ACL which is as follows.

ip access-list extended NAME

  permit ip any  host x.x.x.x

  permit ip host x.x.x.x  any

  permit icmp any  host x.x.x.x

  permit icmp host x.x.x.x  any

Would this be blocking it?

Labels (1)
0 Kudos
2 Replies
Anonymous
Not applicable

Re: Having trouble pinging remote router.

When pinging from router to router, are you using the 'source' command to source the ping from the interface on the LAN?

Example:  NV3448#ping 192.168.2.1 source 192.168.1.1  (each of those addresses would be supposing .1 is on the router interface)

Depending on the MPLS configuration on the WAN side, a simple ping command wouldn't result in returned traffic as the routing table doesn't always need to know your far-end WAN IP.  Since the simple ping would source from WAN side, the far end wouldn't know how to get back to you.  This is likely why a ping from Server to Router works, because the source is from a known subnet.

jayh
Honored Contributor
Honored Contributor

Re: Having trouble pinging remote router.

marvison wrote:

We have a site that has an MPLS. Each site has a Netvanta 3430 which connects to the MPLS. We are adding some new subnets and I'm currently testing they can all talk with each other.

Have you informed your MPLS carrier about the new subnets? How are they advertised? Static routes on the provider side? Dynamic routing such as BGP or OSPF between your CE Adtran and the carrier's PE router? If dynamic, are you redistributing the connected and static subnets into MPLS?

A2 is the only router with any ACL which is as follows.

ip access-list extended NAME

permit ip any host x.x.x.x

permit ip host x.x.x.x any

permit icmp any host x.x.x.x

permit icmp host x.x.x.x any

Would this be blocking it?

It certainly could be depending on what host x.x.x.x is and to what interface the ACL is applied. Try removing the ACL temporarily and re-test. Note that if x.x.x.x is the same IP, you don't need to permit ICMP if you are permitting IP. ICMP is a subset of IP.