Traceroute through Pix501 still not working...

Unanswered Question
Apr 2nd, 2008

Hi

I've got a pix 501 and I've permitted ALL icmp through the outside and inside access-lists, yet traceroute through this firewall still does not work, it just shows stars for all hops past the pix until the actual final destination. I've read a ton of info on this and everyone just says to allow ICMP time-exceeded and echo-reply which my permit icmp any any should cover, right? Anything else I should check? Thanks

Jason

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
abinjola Wed, 04/02/2008 - 07:30

on the outside access-list if you are permitting icmp any any then it covers all the icmp types

are you sure the upstream router not blocking any icmp type ?

does it work bypassing the pix ?

jasonhumes Wed, 04/02/2008 - 07:45

Great, thanks very much! It turns out one of our admins had blocked the icmp time-exceeded msg from the router between myself and the pix...so the pix was fine, but the router was breaking traceroute. Thanks!

Jason

Actions

This Discussion