Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Best practice for resolving connectivity issues 1

Status
Not open for further replies.
pbunyon

pbunyon

Technical User
Feb 9, 2005
83
0
0
US
What is the best practice in troubleshooting intranet access versa's internet access within an enterprises network?
Tracert seems to alway error out at proxy/ISA/firewall within an intranet when trying a trace on yahoo or any other accesable sites from within intranet.
Can I assume this test validates connectivity to the internet or not?
Or is the ICMP packets merely being blocked?
Any help is appreciated.


Paul
 
Sort by date Sort by votes
Try ping a public address by the public ip, like yahoo 216.109.112.135. That will tell you if you have ip connectivity.

Do an ipconfig and try to ping another workstation on the lan. That will tell you if you can talk to another pc on the lan.
 
Upvote 0 Downvote
In all probability your ICMP packets are being blocked at the firewall, therefore the traceroute failure at the ISA server. You could turn this rule off, as an outbound ICMP request is normally not a security issue, nor is an inbound ICMP reply. But for some reason, most default rulesets block ICMP in both directions.

If you are *nix literate you can use hping to test connectivity over TCP, UDP or ICMP as your needs dictate. That will allow you to test Internet connectivity within the firewall ruleset.

And no, you cannot assume connectivity to the Internet unless you can get a host out there to respond to your packets. The fact that you get no responses or blocked responses when Internet connectivity works does not correspond to no responses or blocked responses means that the Internet connectivity is up (if that blocking is occuring at your firewall).

You can usually telnet to a web server at port 80 to determine if connectivity is up. Normally you would want to do this both by name and by IP address because it is possible that your connectivity is up, but your DNS server is not (or is busy). They are two completely different problems that will frequently yield the same result.


pansophic
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CryptoTuke
  • Locked
  • Question
Maximum buffer size on Winsock for sending one block of data over TCP / IP
Replies
1
Views
178
maybeimaleo
maybeimaleo
joserodriguezan
  • Locked
  • Question
Looking for a free software application to recieve SMNP alerts.
Replies
0
Views
111
joserodriguezan
joserodriguezan
Tony D
  • Locked
  • Question
NAT Port Forwarding
Replies
0
Views
112
Tony D
Tony D
nelsonsk2
  • Locked
  • Question
No Internet on VLAN but websites are resolving
Replies
7
Views
115
nelsonsk2
nelsonsk2
bribiesca
  • Locked
  • Question
External IP resolving to internal address
Replies
0
Views
27
bribiesca
bribiesca

Part and Inventory Search

Sponsor

Back
Top