Question : Can't ping valid IP's even though they work

I cannot ping our public IPs even though they work. In other words, our web server is serving web pages OK even though I cannot ping its public address.

ISP router           57.57.57.101

Our Router (S0)   57.57.57.102

WWW server       63.63.63.130

There is no ICMP blocking on the router or web server. I think that this tracert shows an odd result as well. I have never seen this. Notice how most of the entries bounce between the ISP's router and ours without reaching address 63.63.63.130.

Here's the tracert result:

C:\Documents and Settings\Administrator>tracert 63.63.63.130

Tracing route to 63.63.63.130  over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2    16 ms    22 ms    30 ms  10.33.160.1
  3    14 ms    11 ms    11 ms  24.30.161.110
  4    14 ms     9 ms    10 ms  66.75.161.190
  5    16 ms    13 ms    14 ms  66.75.161.17
  6    29 ms    15 ms    15 ms  66.75.161.26
  7    23 ms    23 ms    24 ms  66.185.143.5
  8    14 ms    16 ms    23 ms  151.164.248.61
  9    16 ms    15 ms    12 ms  151.164.41.30
 10    21 ms    13 ms    13 ms  151.164.40.89
 11    29 ms    15 ms    18 ms  151.164.241.213
 12    17 ms    15 ms    15 ms  151.164.191.30
 13    24 ms    32 ms    23 ms  57.57.57.102
 14    19 ms    19 ms    20 ms  57.57.57.101
 15    26 ms    27 ms    25 ms  57.57.57.102
 16    23 ms    23 ms    32 ms  57.57.57.101
 17    48 ms    38 ms    30 ms  57.57.57.102
 18    31 ms    42 ms    31 ms  57.57.57.101
 19    50 ms    36 ms    37 ms  57.57.57.102
 20    36 ms    36 ms    50 ms  57.57.57.101
 21    40 ms    43 ms    52 ms  57.57.57.102
 22    40 ms    46 ms    55 ms  57.57.57.101
 23    53 ms    51 ms    70 ms  57.57.57.102
 24    43 ms    44 ms    42 ms  57.57.57.101
 25    50 ms    52 ms    61 ms  57.57.57.102
 26    51 ms    49 ms    50 ms  57.57.57.101
 27    66 ms    58 ms    61 ms  57.57.57.102
 28    57 ms    56 ms    55 ms  57.57.57.101
 29    77 ms    62 ms    72 ms  57.57.57.102
 30    61 ms    60 ms    67 ms  57.57.57.101

Does anyone know what might be causing this and how to correct it?

NOTE: this is a frame-relay network using a Cisco 2620 on our end. Routing for the 63.x.x.x network is done on the ISP's side, meaning that there are only NAT translations on the 2620. All routing to the 63.x.x.x network is directed to our router via the ISP's routers.



Thanks in advance!

Answer : Can't ping valid IP's even though they work

From your router config, my initial answer seems to be true.

ip nat inside source list 100 interface Serial0/0.1 overload

You are doing overloading. This means all of the members of access-list 100 can access the outside happily, but outsiders cannot access individual internal hosts. This needs a static definition and here is yours:

ip nat inside source static tcp 192.168.1.201 80 63.63.63.130 80 extendable

Bingo, you are static NATting port 80 (as in my first post) to let your web service run. ICMP is simply not translated at all. Traceroute also uses ICMP (ICMP unreachable messages) to draw the path.

What you are experiencing is normal. If you want the host 192.168.1.201 to act as a fully real host under the IP of 63.63.63.130, you have to define a static line without TCP restrictions (you should static NAT ALL of your protocols). In terms of security concerns, on the other hand, the existing config is preferable.

Hope this helps,
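
The ping-pong pattern in the question's tracert output (hops alternating between 57.57.57.102 and 57.57.57.101 without ever reaching 63.63.63.130) can be detected mechanically. The Python sketch below is an added example, not part of the original question or answer; the function names are hypothetical, the sample lines are copied from the trace above, and the check is generalized to repeating cycles of two to four routers.

```python
import re

# Hops 1 and 11-18 copied from the tracert output in the question.
SAMPLE = """\
  1     *        *        *     Request timed out.
 11    29 ms    15 ms    18 ms  151.164.241.213
 12    17 ms    15 ms    15 ms  151.164.191.30
 13    24 ms    32 ms    23 ms  57.57.57.102
 14    19 ms    19 ms    20 ms  57.57.57.101
 15    26 ms    27 ms    25 ms  57.57.57.102
 16    23 ms    23 ms    32 ms  57.57.57.101
 17    48 ms    38 ms    30 ms  57.57.57.102
 18    31 ms    42 ms    31 ms  57.57.57.101
"""

# Hop number, three probe results ("16 ms", "<1 ms" or "*"), then the responder.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.*)$")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_hops(text):
    """Return [(hop_number, address_or_None)] from Windows tracert output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(m.group(2))
            hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def find_loop(hops, min_repeats=2, max_period=4):
    """Return (first_hop, cycle) for the first run of distinct addresses that
    repeats back to back min_repeats times, else None."""
    addrs = [a for _, a in hops]
    for start in range(len(addrs)):
        for period in range(2, max_period + 1):
            cycle = addrs[start:start + period]
            window = addrs[start:start + period * min_repeats]
            if None in cycle or len(set(cycle)) != period:
                continue
            if window == cycle * min_repeats:
                return hops[start][0], cycle
    return None

def diagnose(text, target):
    """Summarise a trace: was the target reached, and is there a loop?"""
    hops = parse_hops(text)
    reached = any(addr == target for _, addr in hops)
    return {"reached": reached, "loop": find_loop(hops)}

if __name__ == "__main__":
    print(diagnose(SAMPLE, "63.63.63.130"))
```

A result with `reached` false and a two-address `loop` points at the pair of routers whose forwarding or NAT configuration should be reviewed for the target address.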