05-12-2009 04:37 AM - edited 03-11-2019 08:30 AM
Hi experts,
I've configured a Zone Based firewall on my 871 router with the latest IOS 12.4(24)T. My problem is that when I apply
zone-pair internet-self source internet destination self
I can't receive any traceroute responses from the router. When I run traceroute from a Windows PC behind the router, everything is OK. I checked on the net and I found that Cisco IOS is using UDP traceroute and Windows uses TCP tracert. That's why I have permitted all ICMP from outside to the router, but it still doesn't work.
I'm attaching part of my config. Please help!!!
Thanks in advance.
Best Regards.
Tihomir Yosifov
IT support
05-18-2009 10:47 AM
If you are not able to successfully ping to an address it may be due to:
1) Routing issue
2) Interface Down
3) Access-list Command
4) Address Resolution Protocol (ARP) Issue
5) Delay
6) Correct Source Address
05-18-2009 11:38 PM
First thing I would say about these zone based firewalls is stay a million miles away from them. They are horrible pieces of kit. Just get an ASA 5505 instead.
Secondly, turn off inspect for ICMP and that should resolve your issue.
05-19-2009 12:42 AM
Hi, I can ping successfully, but the problem is that the traceroute is not successful. The traceroute in a Cisco router is kind of different than tracert from a Windows machine! I guess that is the problem.
Thanks.