
traceroute from the router with Zone Based Firewall

Hi experts,

I've configured a Zone Based firewall on my 871 router with the latest IOS 12.4(24)T. My problem is that when I apply

zone-pair internet-self source internet destination self

I can't receive any traceroute responses from the router. When I run a traceroute from a Windows PC behind the router, everything is OK. I checked on the net and found that Cisco IOS uses UDP traceroute and Windows uses TCP tracert. That's why I have permitted all ICMP from outside to the router, but it still doesn't work.

I'm attaching part of my config. Please help!!!

Thanks in advance.

Best Regards.

Tihomir Yosifov

IT support

3 Replies 3

Not applicable

If you are not able to successfully ping to an address it may be due to:

1) Routing issue

2) Interface Down

3) Access-list Command

4) Address Resolution Protocol (ARP) Issue

5) Delay

6) Correct Source Address

The first thing I would say about these zone based firewalls is stay a million miles away from them. They are horrible pieces of kit. Just get an ASA 5505 instead.

Secondly, turn off inspect for ICMP and that should resolve your issue.

Hi, I can ping successfully, but the problem is that the traceroute is not successful. The traceroute on a Cisco router is kind of different than tracert from a Windows machine! I guess that is the problem.

Thanks.
