Packet Failure to Reach the Router's Incoming Interface
If there are routing problems, or problems with Layer 2 between the host and the router, the packet may not reach to the router's incoming interface. Send a ping from the host to the router's incoming interface and see if there is any response. If the host is in the same subnet as the router's incoming interface, and you get the ping response, be sure to set up a default gateway on the host pointing to the router's incoming interface. If there is no ping reply, execute show arp on the router and see if the host's arp entry is there. If it is not there, be sure your host is not assigned a duplicate IP address in the network and troubleshoot the problem further on the switch or hub. You may be running into a bad interface, a bad cable, or misconfiguration on the switch.
If the sending host is in a different subnet (multiple hops away), send a ping to the router's incoming interface and see if there is any response. If there is no response, perform a tracert from the host and see where the packets are being dropped. Then troubleshoot the routing issue in that specific device. If you get a reply of the ping packets, be sure to open all the necessary ports for the other traffic there are problems with.
Without the ping test, if you want to see quickly if the packets are reaching the router's incoming interface or not, define an ACL with the log keyword to the end of the ACL. This will send the information about the traffic that is allowed or being dropped by the ACL to syslog. If there is no syslog message generated, the packets are not hitting the router at all. Example 5-17 shows the configuration required to see if the Telnet packets from host 10.1.1.10 are hitting the router's interface Ethernet 0 going to 20.1.1.1.