Trace command in PIX v7.0

Unanswered Question
Feb 10th, 2008

Hi,

By default trace/traceroute can't be executed in pix/asa. But i believe it can be enabled.

Can someone suggest me with the sample config of the same!!

The running iOS version is 7.0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sun, 02/10/2008 - 23:19

Partha,

Try one of these two methods.

1-

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any source-quench

access-list 101 permit icmp any any unreachable

access-list 101 permit icmp any any time-exceeded

access-group 101 in interface outside

or

2-

policy-map global_policy

class inspection_default

inspect icmp

Check this link for more details on PIX/ASA ICMP and traceroutes handling.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

Rgds

Jorge

Actions

This Discussion