Meraki

Community

Why I can't ping to Google

Solved
Peter-DG
Here to help
3 weeks ago
3 weeks ago

Why I can't ping to Google

Hi,

 

Could somebody help me?

 

I have 2 WAN ports on my MX80 now after converting port 2 to WAN, and both have internet cables plugged in. WAN 1 is my primary uplink and it's unable to open google from it because google is blocked in the ISP side. Google is not blocked by ISP on WAN 2, so I added a flow preference to forward VLAN 20 to this port. My problem is, I can open Google, youtube. etc, now, but I can't ping them. If I connect my pc to the WAN 2's ISP router, I can open and ping google. So obviously there are something wrong with my MX settings but after checking my settings for few days, I still don't have any idea.

 

Please help

Thanks.

0 Kudos
1 Accepted Solution
Peter-DG
Here to help
3 weeks ago
3 weeks ago

OK I called MEraki support and their engineer told me all icmp request are directing to primary uplink, so even I added the flow preferece to forward vlan 20 traffics to WAN 2, the icmp packages are sent to WAN 1 since WAN1 is my primary uplink. that's why I can't ping google but I can open google.

View solution in original post

5 Replies 5
Shubh3738
Building a reputation
3 weeks ago
3 weeks ago

You have to allow icmp services on L7 rules.

Shubh3738_0-1733299271255.pngShubh3738_1-1733299316628.png

 

VivekT
Getting noticed
3 weeks ago
3 weeks ago

Hi ,

 

How are you pingining google ? Can you pls share snapshot ? Are you trying to ping it from dashborad ? 

 

If yes pls let us know the source ip 

 

if you are pinging it from system connected behind MX , Can you do the nslookup for google.com?

 

Can you ping other destination Ip address/fqdn ?

 

Is there any rule in MX (Firewall rules) to block ICMP ?

 

0 Kudos
In response to VivekT
Peter-DG
Here to help
3 weeks ago
3 weeks ago

Hi @VivekT ,

 

I ping Google from my pc. when I nslookup google.com, I got:

Non-authoritative answer:
Name: www.google.com
Addresses: 2404:6800:4004:80a::2004
172.217.161.36

 

I can ping other destination IP addresses, like office.com, but google, youtube I cannot. I changed my DHCP DNS to WAN 2 gateway ip address, and In wireshark i can see the DNS request was sent to it when I nslookup google.com, and I can see the ICMP was trying with the IP address from the DNS request, but failed.

0 Kudos
Peter-DG
Here to help
3 weeks ago
3 weeks ago

OK I called MEraki support and their engineer told me all icmp request are directing to primary uplink, so even I added the flow preferece to forward vlan 20 traffics to WAN 2, the icmp packages are sent to WAN 1 since WAN1 is my primary uplink. that's why I can't ping google but I can open google.

In response to Peter-DG
CarolineS
Community Manager
Community Manager
3 weeks ago
3 weeks ago

I’m glad Meraki support was able to diagnose the issue! I’m going to mark your reply as the “solution” for better visibility. Cheers!

Caroline S | Community Manager, Cisco Meraki
New to the community? Get started here
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.