traceroute from the router with Zone Based Firewall

Unanswered Question
May 12th, 2009

Hi experts,

I've configured a Zone Based firewall on my 871 router with the latest IOS 12.4(24)T. My problem is that when I apply

zone-pair internet-self source internet destination self

I can't receive any traceroute responses from the router. When I run a traceroute from a Windows PC behind the router, everything is OK. I checked on the net and I found that Cisco IOS is using UDP traceroute and Windows uses TCP tracert. That's why I have permitted all ICMP from outside to the router, but it still doesn't work.

I'm attaching part of my config. Please help!!!

Thanks in advance.

Best Regards.

Tihomir Yosifov

IT support

Anonymous (not verified) Mon, 05/18/2009 - 10:47

If you are not able to successfully ping to an address it may be due to:

1) Routing issue

2) Interface Down

3) Access-list Command

4) Address Resolution Protocol (ARP) Issue

5) Delay

6) Correct Source Address

darkbeatzz Mon, 05/18/2009 - 23:38

First thing I would say about these zone based firewalls is stay a million miles away from them. They are horrible pieces of kit. Just get an ASA 5505 instead.

Secondly, turn off inspect for ICMP and that should resolve your issue.

zenon_electronics Tue, 05/19/2009 - 00:42

Hi, I can ping successfully, but the problem is that the traceroute is not successful. The traceroute in a Cisco router is kind of different than tracert from a Windows machine! I guess that is the problem.

Thanks.
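
Added example, not part of any post in this thread and not taken from the poster's attached config: a sketch of an internet-to-self policy that uses `pass` rather than `inspect` for the ICMP errors a router-originated UDP traceroute waits for (time-exceeded from intermediate hops, port-unreachable from the destination). The ACL, class-map and policy-map names are hypothetical, the zone name `internet` is taken from the question, and it is an assumption that no other internet-to-self policy is already attached to the zone-pair.

```cisco
! Constructed example. Names TRACEROUTE-REPLIES, CM-TRACEROUTE-REPLIES and
! PM-INTERNET-SELF are hypothetical; adapt them to the existing policy.
!
! Match only the two ICMP error types that answer a UDP traceroute probe.
! Echo, redirect and the other ICMP types stay out of this class.
ip access-list extended TRACEROUTE-REPLIES
 permit icmp any any time-exceeded
 permit icmp any any port-unreachable
!
class-map type inspect match-all CM-TRACEROUTE-REPLIES
 match access-group name TRACEROUTE-REPLIES
!
policy-map type inspect PM-INTERNET-SELF
 ! "pass" forwards the packet without creating or requiring a session.
 ! These ICMP errors answer UDP probes that the router itself sent, so
 ! there is no ICMP session for "inspect" to associate them with.
 class type inspect CM-TRACEROUTE-REPLIES
  pass
 ! Everything else from the internet zone to the router is dropped.
 class class-default
  drop
!
zone-pair security internet-self source internet destination self
 service-policy type inspect PM-INTERNET-SELF
```

Because `pass` is stateless, the ACL is kept to these two ICMP types instead of permitting all ICMP to the self zone; `show policy-map type inspect zone-pair internet-self` shows per-class packet counters to confirm which class the replies hit.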
