Traceroute through Pix501 still not working...

Unanswered Question
Apr 2nd, 2008
User Badges:

Hi

I've got a pix 501 and I've permitted ALL icmp through the outside and inside access-lists, yet traceroute through this firewall still does not work, it just shows stars for all hops past the pix until the actual final destination. I've read a ton of info on this and everyone just says to allow ICMP time-exceeded and echo-reply which my permit icmp any any should cover, right? Anything else I should check? Thanks


Jason

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
abinjola Wed, 04/02/2008 - 07:30
User Badges:
  • Cisco Employee,

on the outside access-list if you are permitting icmp any any then it covers all the icmp types


are you sure the upstream router not blocking any icmp type ?


does it work bypassing the pix ?

jasonhumes Wed, 04/02/2008 - 07:45
User Badges:

Great, thanks very much! It turns out one of our admins had blocked the icmp time-exceeded msg from the router between myself and the pix...so the pix was fine, but the router was breaking traceroute. Thanks!


Jason

Actions

This Discussion