Allowing TRACEROUTE through PIX

Unanswered Question
Sep 5th, 2007

What is required to allow a traceroute to go through the PIX firewall? I believe I have it set up correctly, but I'm still unable to trace through. It just times out when it gets to the firewall. Thanks.

cewhitnel Wed, 09/05/2007 - 14:38

Use this ACL applied to your outside interface.

access-list "ACLNAME" permit icmp any any time-exceeded

mkkeyan Thu, 09/06/2007 - 03:31

access-group "access list name" in interface outside

Just add the following to your outside interface:

access-list <acl_name> permit icmp any any echo-reply

access-list <acl_name> permit icmp any any unreachable

access-list <acl_name> permit icmp any any time-exceeded

access-group <acl_name> in interface outside

** <acl_name> can be anything you want for the outside interface **

Save with write mem and also issue clear xlate.

pls rate posts if it helps.
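
An added example, not posted by anyone in this thread: a small Python check that reads PIX configuration text and reports whether the three ICMP types named in the answers above are permitted in an ACL that is actually bound inbound on the outside interface. The function name `audit`, the ACL name `OUTSIDE_IN` and the sample configurations are hypothetical and constructed for illustration.

```python
import re

# ICMP message types the answers above permit inbound for traceroute replies.
REQUIRED = {"echo-reply", "unreachable", "time-exceeded"}
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+icmp\s+any\s+any(?:\s+(\S+))?$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
# An action keyword directly after "access-list" means the ACL name was left out.
NONAME_RE = re.compile(r"^access-list\s+(?:permit|deny)\s+icmp\b")

def audit(config, interface="outside"):
    """Return findings about the traceroute ICMP rules in PIX config text."""
    permitted, bound, findings = {}, {}, []
    for line in (raw.strip() for raw in config.splitlines()):
        acl = ACL_RE.match(line)
        grp = GROUP_RE.match(line)
        if acl:
            # group(2) is None when the rule names no ICMP type at all.
            permitted.setdefault(acl.group(1), set()).add(acl.group(2))
        elif grp:
            bound[grp.group(2)] = grp.group(1)
        elif NONAME_RE.match(line):
            findings.append(f"malformed ICMP rule (ACL name missing?): {line}")
    name = bound.get(interface)
    if name is None:
        findings.append(f"no access-group binds an ACL inbound on interface {interface}")
        return findings
    types = permitted.get(name, set())
    if None in types:
        findings.append(f"{name}: untyped 'permit icmp any any' admits all ICMP inbound")
    else:
        findings += [f"{name}: no permit for icmp {t}" for t in sorted(REQUIRED - types)]
    return findings

# Constructed sample configs (not taken from a real device).
GOOD = """\
access-list OUTSIDE_IN permit icmp any any echo-reply
access-list OUTSIDE_IN permit icmp any any unreachable
access-list OUTSIDE_IN permit icmp any any time-exceeded
access-group OUTSIDE_IN in interface outside
"""
NOT_APPLIED = "access-list OUTSIDE_IN permit icmp any any time-exceeded\n"
NAME_MISSING = "access-list permit icmp any any unreachable\n" + GOOD

if __name__ == "__main__":
    for label, cfg in [("good", GOOD), ("not applied", NOT_APPLIED),
                       ("name missing", NAME_MISSING)]:
        print(label, "->", audit(cfg) or "ok")
```

The check only understands `permit icmp any any` rules and inbound `access-group` bindings; rules with specific source or destination addresses are ignored rather than evaluated.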
