Task 1.4 IPS can't ping router-id R1

Why can't I ping R1's router-id from the IPS?
My rack number is 3 and R1's router-id is 150.3.1.1. From R1 I can ping the PIX, and from the IPS I can ping the PIX (183.3.19.9) and R1 (183.3.19.1).


rgds,
Jerri

Comments

  • Make sure you have 'same-security permit intra-interface' enabled on the PIX and that you have a host route on R1 for the IPS pointing to the PIX.

    So on R1:

    ip route 183.3.19.10 255.255.255.255 183.3.19.9

    Then you should be all set.


    Regards,
    Nick
  • Yes, all done.
    On the PIX: same-security ..... done

    On R1 I added: ip route 183.x.19.10 255.255.255.255 183.3.19.9 ... done

    This confuses me: I have done all the tasks but it still does not work.
  • At Task 1.4, PIX does not have a route to R1's loopback. So the ICMP reply from IDS, which goes through PIX, will be dropped on PIX. Wait until task 1.6, when you enable OSPF between PIX and R1. After PIX learns R1's loopback from OSPF, you should be able to ping.

    Regards,

    Tony
  • Hi Tony,

    Thanks, in my next lab I will test the ping after I finish task 1.6.
  • Hi, can anyone help me? Why can I still not ping between R1 and the IPS after running OSPF on the PIX and R1?

    R1:

    router ospf 1
    router-id 150.2.1.1
    log-adjacency-changes
    network 150.2.1.1 0.0.0.0 area 100
    network 183.2.19.1 0.0.0.0 area 100
    network 183.2.123.1 0.0.0.0 area 100
    !
    ip route 183.2.19.10 255.255.255.255 183.2.19.9


    PIX:

    router ospf 1
    network 183.2.19.0 255.255.255.0 area 100
    router-id 150.2.9.9
    log-adj-changes
    default-information originate
    !
    same-security-traffic permit intra-interface

    OSPF neighbors:

    Rack2R1#sh ip ospf neigh

    Neighbor ID Pri State Dead Time Address Interface
    150.2.2.2 0 FULL/ - 00:01:53 183.2.123.2 Serial0/0.123
    150.2.9.9 1 FULL/BDR 00:00:35 183.2.19.9 Ethernet0/0
    Rack2R1#
    Rack2R1#sh ip route ospf | incl 183.2.19.9
    O*E2 0.0.0.0/0 [110/1] via 183.2.19.9, 00:27:05, Ethernet0/0

    Rack2PIX# sh ospf neigh


    Neighbor ID Pri State Dead Time Address Interface
    150.2.1.1 1 FULL/DR 0:00:37 183.2.19.1 inside
    Rack2PIX#


    From IPS to R1 & PIX (only to R1 succeeded):

    Rack2IPS# ping 183.2.19.10
    PING 183.2.19.10 (183.2.19.10): 56 data bytes
    64 bytes from 183.2.19.10: icmp_seq=0 ttl=64 time=0.1 ms
    64 bytes from 183.2.19.10: icmp_seq=1 ttl=64 time=0.0 ms
    64 bytes from 183.2.19.10: icmp_seq=2 ttl=64 time=0.0 ms
    64 bytes from 183.2.19.10: icmp_seq=3 ttl=64 time=0.0 ms

    Rack2IPS# ping 183.2.19.1
    PING 183.2.19.1 (183.2.19.1): 56 data bytes

    --- 183.2.19.1 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss
    Rack2IPS# ping 150.2.1.1
    PING 150.2.1.1 (150.2.1.1): 56 data bytes

    --- 150.2.1.1 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss


    From R1 to PIX & IPS :

    Rack2R1#ping 183.2.19.9

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 183.2.19.9, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
    Rack2R1#ping 183.2.19.10

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 183.2.19.10, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
  • Change the network to be the PIX interface address under your router ospf 1 process.

    i.e.
    router ospf 1
    network 183.2.19.9 255.255.255.255 area 100

    That should fix it.
  • Check the ACL on your IDS. It may be blocking pings.