Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
619
Views
0
Helpful
4
Replies

Allowing TRACEROUTE through PIX

corey.mckinney
Level 1
Level 1

‎09-05-2007 02:17 PM - edited ‎03-11-2019 04:07 AM

What is required to allow a traceroute to go through the PIX firewall? I believe I have it setup correctly, but I'm still unable to trace through. It just times out when it gets to the firewall. Thanks.

Labels:
0 Helpful
4 Replies 4

cewhitnel
Level 1
Level 1

‎09-05-2007 02:38 PM

Use this ACL applied to your outside interface.

access-list "ACLNAME" permit icmp any any time-exceeded

0 Helpful

corey.mckinney
Level 1
Level 1
In response to cewhitnel

‎09-05-2007 03:11 PM

How do I apply that ACL to the interface? I can't find the command.

0 Helpful

mkkeyan
Level 1
Level 1
In response to corey.mckinney

‎09-06-2007 03:31 AM

access-group "access list name" in interface outside

0 Helpful

jmia
Level 7
Level 7
In response to corey.mckinney

‎09-06-2007 04:40 AM

Just add the following to your outside interface:

access-list permit icmp any any echo-reply

access-list permit icmp any any unreachable

access-list permit icmp any any time-exceeded

access-group in interface outside

** can be anything you want for the outside interface**

save with write mem and also issue claer xlate

pls rate posts if it helps.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card