1

Firstly, all devices are ON and have an active/working network connection.

Secondly, the device I'm trying to ping from is pingable from the devices I'm trying to ping!

Right, we have a secure VPN tunnel using a Cisco ASA 5500 which has a working VPN connection to a remote location; the remote location is on a 172.21.79.0 subnet. On our side we have a server that should be able to ping IPs within this subnet; some IPs work, some don't.

The server is set up on the VPN connection as a 10. address; it also has a domain connection on a 172.16 address. I've noticed that if I disable the domain connection all works fine, but if the domain connection is enabled certain IPs on the 172.21.79.0 subnet are no longer pingable.

That's the problem. I think the 2 network cards on separate networks are causing it... but I'm stumped on how to fix it.

Another thing I should mention is that the server is running as a virtual machine in Hyper-V.

stead1984
  • The server may be offering to route via ARP some IPs on 172.21.79 instead of letting them speak for themselves. – kmarsh Jan 27 '10 at 12:38

3 Answers

2

I've been in this situation and it can be frustrating. If you have one NIC enabled your machine will pick it by default, but if you have two, it won't know which one to pick. I don't know why it picks one over the other by default. Since it sounds like you're on a Windows machine, I'm not sure you'll be able to ping through a specific interface.

But on most *nix boxes this would be:

ping -I interface hostip.to.ping

What you could do is add a route to your Windows machine by doing the following:

route ADD xxx.xxx.xxx.xxx MASK xxx.xxx.xxx.xxx  xxx.xxx.xxx.xxx

Which translates to:

route ADD "network" MASK "subnet mask"  "gateway ip"

Your machine will know which interface to use depending on the network you list above. It'll match the NIC you've defined on your server.

Here are two decent references:

Routing:

How to route different traffic thru different network interfaces (in Windows)

Pinging:

http://www.inetdaemon.com/tutorials/internet/icmp/using_ping.shtml

Edit: I'd be very surprised if this had anything to do with your Cisco device. But you could check your ACL list for each subnet. If that gets confusing, use one NIC and set up each subnet on it one at a time and verify that both work separately. I'm pretty sure it's your local machine getting confused with the route rather than a firewall or external router, if I've understood the question correctly.

Patrick R
  • This wouldn't work as the gateway I need it to use is in a different subnet. I want 172.21.79.0 subnet to use the interface with the 10.1.0.4 IP. – stead1984 Jan 27 '10 at 13:20
  • Can you clarify two things: 1. what do you mean by domain connection? 2: is there anything in the 172.16 network that might broadcast that 172.21.79.0 is in that direction? – Patrick R Jan 27 '10 at 13:51
0

Check your routes. Perhaps you have different routes for different IPs or not the correct netmask. Another way to test your connection is to ping with a specified source interface.

Christian
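Added example, not part of the original answers: a small model of how a dual-homed host chooses the outgoing interface (longest matching prefix, then lowest metric), and of why a static route's gateway has to be on-link for the NIC it names. The routing table is constructed; only 10.1.0.4 and the 172.21.79.0 subnet come from the thread, while the /12 mask on the domain NIC, the gateway 10.1.0.1 and every other address are assumptions.

```python
import ipaddress

# Constructed routing table for a dual-homed server; only 10.1.0.4 and
# 172.21.79.0 come from the thread, every other value is an assumption.
# Entry: (destination, gateway or None when on-link, interface IP, metric)
ROUTES = [
    ("0.0.0.0/0", "172.16.0.1", "172.16.0.50", 10),   # default via domain NIC
    ("172.16.0.0/12", None, "172.16.0.50", 10),       # domain NIC, over-wide mask
    ("10.1.0.0/24", None, "10.1.0.4", 10),            # VPN-side NIC
]


def select_route(routes, dest):
    """Return the route used for dest: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))


def gateway_is_on_link(routes, gateway, iface):
    """A next hop is usable only if it sits in a network directly attached to iface."""
    gw = ipaddress.ip_address(gateway)
    return any(r[1] is None and r[2] == iface and gw in ipaddress.ip_network(r[0])
               for r in routes)


def add_route(routes, network, gateway, iface, metric=1):
    """Return a new table with a static route, refusing an unreachable gateway."""
    if not gateway_is_on_link(routes, gateway, iface):
        raise ValueError(f"gateway {gateway} is not on-link for {iface}")
    return routes + [(network, gateway, iface, metric)]


def egress_interface(routes, dest):
    """Interface IP the host would send from for dest, or None if unroutable."""
    route = select_route(routes, dest)
    return route[2] if route else None


if __name__ == "__main__":
    target = "172.21.79.10"  # constructed host in the remote subnet
    print("before:", egress_interface(ROUTES, target))
    fixed = add_route(ROUTES, "172.21.79.0/24", "10.1.0.1", "10.1.0.4")
    print("after: ", egress_interface(fixed, target))
```

In this constructed table the remote subnet leaves through the domain NIC until a more specific route is added. On the real server, `route print` shows the table to compare against.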
0

Have you checked if any local firewall is active on any of the involved machines (IPTABLES for Linux, Windows Firewall for Windows)?

If yes, have you tried disabling it?

Massimo