Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
217
Views
0
Helpful
1
Replies

Trace command in PIX v7.0

acharyr123
Level 3
Level 3

‎02-10-2008 10:37 PM - edited ‎03-11-2019 05:01 AM

Hi,

By default trace/traceroute can't be executed in pix/asa. But i believe it can be enabled.

Can someone suggest me with the sample config of the same!!

The running iOS version is 7.0

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎02-10-2008 11:19 PM

Partha,

Try one of these two methods.

1-

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any source-quench

access-list 101 permit icmp any any unreachable

access-list 101 permit icmp any any time-exceeded

access-group 101 in interface outside

or

2-

policy-map global_policy

class inspection_default

inspect icmp

Check this link for more details on PIX/ASA ICMP and traceroutes handling.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card