Tracert and Ping

Status
Not open for further replies.

tracydfl

MIS
Jul 10, 2003
13
US
What do I need to do to allow tracert and ping requests through my Cisco 1721? Here is my running config. I'm sure it's something easy.

Cisco1721#sh run
Building configuration...

Current configuration : 4765 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1721
!
!
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name FastEthernet_0 tcp
ip inspect name FastEthernet_0 udp
ip inspect name FastEthernet_0 cuseeme
ip inspect name FastEthernet_0 ftp
ip inspect name FastEthernet_0 h323
ip inspect name FastEthernet_0 rcmd
ip inspect name FastEthernet_0 realaudio
ip inspect name FastEthernet_0 streamworks
ip inspect name FastEthernet_0 vdolive
ip inspect name FastEthernet_0 sqlnet
ip inspect name FastEthernet_0 tftp
ip inspect name Serial_0 udp
ip inspect name Serial_0 tcp
ip inspect name Serial_0 ftp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
interface FastEthernet0
description connected to Advantage International
ip address X.X.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip inspect FastEthernet_0 in
speed auto
!
interface Serial0
description connected to Internet
ip address X.X.122.74 255.255.255.252
ip access-group 101 in
ip nat outside
ip inspect Serial_0 in
encapsulation ppp
!
router rip
version 2
passive-interface Serial0
network X.X.0.0
no auto-summary
!
ip nat pool Cisco1721-natpool-1 X.X.X.17 X.X.X.30 netmask 255.255.255.240
ip nat inside source list 1 pool Cisco1721-natpool-1 overload
ip nat inside source static tcp X.X.0.13 20 X.X.X.21 20 extendable
ip nat inside source static tcp X.X.0.13 3389 X.X.X.21 3389 extendable
ip nat inside source static tcp X.X.0.8 80 X.X.X.19 80 extendable
ip nat inside source static udp X.X.0.8 1604 X.X.X.19 1604 extendable
ip nat inside source static tcp X.X.0.8 1494 X.X.X.19 1494 extendable
ip nat inside source static tcp X.X.0.8 3389 X.X.X.19 3389 extendable
ip nat inside source static udp X.X.0.6 53 X.X.X.18 53 extendable
ip nat inside source static tcp X.X.0.6 20 X.X.X.18 20 extendable
ip nat inside source static tcp X.X.0.6 80 X.X.X.18 80 extendable
ip nat inside source static tcp X.X.0.6 46 X.X.X.18 46 extendable
ip nat inside source static udp X.X.0.13 53 X.X.X.21 53 extendable
ip nat inside source static tcp X.X.0.13 80 X.X.X.21 80 extendable
ip nat inside source static tcp X.X.0.13 25 X.X.X.21 25 extendable
ip nat inside source static tcp X.X.0.13 110 X.X.X.21 110 extendable
ip nat inside source static udp X.X.0.5 53 X.X.X.17 53 extendable
ip nat inside source static tcp X.X.0.5 80 X.X.X.17 80 extendable
ip nat inside source static tcp X.X.0.5 25 X.X.X.18 25 extendable
ip nat inside source static tcp X.X.0.5 110 X.X.X.18 110 extendable
ip nat inside source static tcp X.X.0.13 21 X.X.X.21 21 extendable
ip nat inside source static tcp X.X.0.6 21 X.X.X.18 21 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
!
access-list 1 permit X.X.0.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 permit tcp any host X.X.X.17 eq www
access-list 101 permit udp any host X.X.X.18 eq domain
access-list 101 permit tcp any host X.X.X.18 eq www
access-list 101 permit tcp any host X.X.X.18 eq smtp
access-list 101 permit tcp any host X.X.X.18 eq pop3
access-list 101 permit tcp any host X.X.X.18 eq 3389
access-list 101 permit tcp any host X.X.X.18 range ftp-data ftp
access-list 101 permit tcp any host X.X.X.18 gt 1013 established
access-list 101 permit tcp any host X.X.X.18 eq 46
access-list 101 permit udp any host X.X.X.19 eq 1604
access-list 101 permit tcp any host X.X.X.19 eq 1494
access-list 101 permit tcp any host X.X.X.19 eq www
access-list 101 permit tcp any host X.X.X.21 eq www
access-list 101 permit udp any host X.X.X.21 eq domain
access-list 101 permit tcp any host X.X.X.21 range ftp-data ftp
access-list 101 permit tcp any host X.X.X.21 gt 1013 established
access-list 101 permit tcp any host X.X.X.21 eq 3389
access-list 101 permit tcp any host X.X.X.21 eq smtp
access-list 101 permit tcp any host X.X.X.21 eq pop3
!


!
no scheduler allocate
end
 
Why do you have access-list 100? The only statement in it is: permit ip any any. If you want to allow ICMP through your access lists then put the statement in for ICMP: access-list 100 permit ICMP any any

If you want to know what's being blocked, try logging your access-lists and you'll see where the problem is.



"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
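
Added example, not part of any post in this thread: a narrower alternative to a blanket ICMP permit, written for access-list 101 (inbound on Serial0), plus the logging suggested above. It assumes the pings and traceroutes originate inside, and that X.X.X.16 0.0.0.15 is the /28 covering the NAT pool X.X.X.17 to X.X.X.30 from the posted config.

```cisco
! Added example. Destination X.X.X.16 0.0.0.15 is an assumption: the /28
! that contains the posted NAT pool (netmask 255.255.255.240). The inbound
! ACL on the outside interface is checked before NAT, so it matches the
! public (pool) addresses, not the inside X.X.0.x addresses.
!
! Replies to pings sent from inside (Windows tracert also sends ICMP echo)
access-list 101 permit icmp any X.X.X.16 0.0.0.15 echo-reply
! Per-hop answers that tracert/traceroute relies on
access-list 101 permit icmp any X.X.X.16 0.0.0.15 time-exceeded
! Final-hop answer for UDP-based traceroute; also carries the
! "fragmentation needed" messages used by path MTU discovery
access-list 101 permit icmp any X.X.X.16 0.0.0.15 unreachable
!
! Only if outside hosts must be able to ping in (left disabled here):
! access-list 101 permit icmp any X.X.X.16 0.0.0.15 echo
!
! Make the implicit deny explicit so dropped packets are logged
access-list 101 deny ip any any log
!
! Verify from exec mode:
!   show access-lists 101     (per-entry match counters)
!   show logging              (packets hit by the deny ... log entry)
```

Entries added with `access-list 101 ...` are appended to the end of the list, so the ICMP permits must be entered before the `deny ip any any log` line. Keep a copy of the list before backing temporary entries out: on classic IOS, `no access-list 101 ...` removes the whole numbered list rather than a single line.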
 
The access list 100 is allowing everything through the f0 port, I'm blocking everything at s0. So, I should open up ICMP at s0. It'll only be temporary, don't want to leave it open.
 
Ah...access-list 100 is worthless. If you don't have it, you'll get the same result. Why waste processing power on an access-list that doesn't do anything?

Anyway...open up ICMP and you should be fine.
 
Yes, Access-list 101 is the problem. I was only using access-list 100 as an example.
 