Trace command in PIX v7.0

Unanswered Question
Feb 10th, 2008
User Badges:

Hi,


By default trace/traceroute can't be executed in pix/asa. But i believe it can be enabled.


Can someone suggest me with the sample config of the same!!


The running iOS version is 7.0

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Sun, 02/10/2008 - 23:19
User Badges:
  • Green, 3000 points or more

Partha,


Try one of these two methods.


1-


access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any source-quench

access-list 101 permit icmp any any unreachable

access-list 101 permit icmp any any time-exceeded

access-group 101 in interface outside


or


2-


policy-map global_policy

class inspection_default

inspect icmp




Check this link for more details on PIX/ASA ICMP and traceroutes handling.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0



Rgds

Jorge

Actions

This Discussion