Hi Nanog Members, I've been troubleshooting this problem for a few days already but i'm still unable to fix it. I think it's now time to ask some help from Nanog members. I cannot ping the IP on my Cisco 6509 from the internet. Here are the setup: *Internet*---(copper)-->*GSR*----(fiber)--->* Cisco 6509* <<<<<This setup is NOT OK - I cannot ping *Internet*---(copper)-->*GSR*----(copper)---> *Cisco 6509* <<<<< This setup is OK - I can ping(this is directly connected to the PRP2) NOTES: - I am using PRP2 on my GSR and the fiber is connected to the 4xGE module - I have a default route from Cisco 6509 to GSR - From the 6509 I can only ping the IP addresses on the GSR, addresses outside the GSR are not reachable - From the internet, I can only ping up to the GSR - I can ping from GSR to 6509 and vise versa - The IP on the 6509 is configured on the interface that is directly connected to the GSR. Thanks, -bong
On Oct 10, 2009, at 4:12 PM, Bong Barnido wrote:
I cannot ping the IP on my Cisco 6509 from the internet.
Quite out of the context of the connectivity issue you're trying to troubleshoot, it's in fact extremely desirable to have your 6509 (and all your routers, for that matter) unpingable from the outside your own network. The BCP is to use iACLs, CoPP, et. al. to keep out all unsolicited traffic headed to, as opposed to through (like traceroute, pinging customer hosts, etc.), your network infrastructure. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Sorry, sometimes I mistake your existential crises for technical insights. -- xkcd #625
participants (2)
-
Bong Barnido
-
Roland Dobbins