10-28-2007 11:51 PM - edited 03-03-2019 05:30 AM
hi,
could a pix firewall shows as part of a hop on a tracert?
if not, any reason about it.
coz we have done a tracert on a machine accross a pix and it bypasses the pix as a hop.
thanks
Solved! Go to Solution.
10-29-2007 04:20 AM
Hi
From lab setup
R3(192.168.12.2) -> (192.168.12.1) R1 (192.168.10.56) -> (192.168.10.1 - outside) Pix (192.168.0.99 - inside) -> (192.168.0.42) R2
I allowed icmp from outside to the inside address of 192.168.0.42.
From R3
R3#traceroute 192.168.0.42
Type escape sequence to abort.
Tracing the route to 192.168.0.42
1 192.168.12.1 0 msec 0 msec 4 msec
2 192.168.0.42 0 msec 0 msec *
R3#
So a pix will not show as part of a traceroute. It doesn't bypass the pix as such it still has to go through the pix but the pix does not respond.
HTH
Jon
10-29-2007 04:20 AM
Hi
From lab setup
R3(192.168.12.2) -> (192.168.12.1) R1 (192.168.10.56) -> (192.168.10.1 - outside) Pix (192.168.0.99 - inside) -> (192.168.0.42) R2
I allowed icmp from outside to the inside address of 192.168.0.42.
From R3
R3#traceroute 192.168.0.42
Type escape sequence to abort.
Tracing the route to 192.168.0.42
1 192.168.12.1 0 msec 0 msec 4 msec
2 192.168.0.42 0 msec 0 msec *
R3#
So a pix will not show as part of a traceroute. It doesn't bypass the pix as such it still has to go through the pix but the pix does not respond.
HTH
Jon
10-30-2007 12:59 PM
I think if you allow ICMP to initiate from inside, then the pix certianly shows as a hop
i.e if we do a traceroute from R2 towards R3 then we will see pix as a hop
I do not have a lab to set this up but i have seen the pix ip as a part of trace in the above scenario.
HTH
Narayan
10-30-2007 02:21 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: