Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1066
Views
0
Helpful
3
Replies

Traceroute thru FWSM

hclisschennai
Level 1
Level 1

‎04-10-2009 07:19 AM - edited ‎03-11-2019 08:17 AM

Hi,

I am configuring FWSM with INSIDE and OUTSIDE interface (zones). For testing I have configured the access-list as below

access-list OUTSIDE permit ip any any

access-list OUTSIDE permit icmp any any

access-list INSIDE permit ip any any

access-list INSIDE permit icmp any any

access-group OUTSIDE in interface OUTSIDE

access-group INSIDE in interface INSIDE.

I have connected SUN SOLARIS servers and Windows Servers in INSIDE interface.I am able to ping the destination IP address from both SUN SOLARIS & WINDOWS SERVER when i give traceroute from SUN SERVERS it is showing entire hops inbetween the Server and destination IP Address. But where as if i give it from Windows Server it is showing * * * * and after 3 Hops is showing only the Destination IP address. I am surprised whether it is the behaviour of Operating systems or FWSM.

Please guide me

R.B.Kumar

Labels:
0 Helpful
3 Replies 3

hclisschennai
Level 1
Level 1

‎04-11-2009 12:05 AM

Hi,

Any clues.. what could be the issue

RBK

0 Helpful

sachinga.hcl
Level 4
Level 4
In response to hclisschennai

‎04-12-2009 06:36 PM

HI Dear,

Hve you configured the inspection for the icmp_error and please let me know if this fix your problem.Also don't forget have icmp allow ACL's from source to destination in dual direction.

We have a set of FWSM running 3.2(1)got similar kind of error. So Talk in CISCO TAC. The bug ID TAC gave me is: CSCsj53485

From what I was told, this affects version 3.1(5) and 3.1(6) and will be addressed in 3.1(7)

It seems it also affects 3.2(1) and will be addressed in 3.2(2)

It would be helpful if you can talk to CISCO TAC about this, and if they inform you of a bug ID.

Let me know what is the current version used and the bug ID if you get from CISCO TAC and also what new version TAC suggested.This would be helpful for us also.

Kind Regards,

Sachin

0 Helpful

hclisschennai
Level 1
Level 1
In response to sachinga.hcl

‎04-13-2009 10:27 AM

Hi Sachin,

Thanks for your comments.I am using the below version of FWSM

FWSM Version 3.1(12)

Please share your inputs on this. I am interested to know you also faced similar issue. Please let me know the resolution too

R.B.Kumar

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card