04-17-2002 08:05 PM - edited 03-08-2019 10:21 PM
Hi,
Whenever a client would do a trace from their network to one of their servers colocated in our network, an asterisk would appear just when the IP of that server should appear. Those servers are all behind Pix535. Obviously the Pix blocks such requests. I wonder what port I should open to get the desired result. Any help will be greatly appreciated.
04-17-2002 08:27 PM
PC trace route or tracert uses ICMP. You need to permit ICMP type 8 and type 0 (echo and echo-reply).
04-17-2002 10:13 PM
Hi,
I have actually done exactly what you suggest. I permitted ICMP type 0 and 8 on both interfaces (outside and perimeter1) since I am doing a static NAT from perimeter1 to outside interface. But traceroute still doesn't go through. Any more ideas? Thanks...
04-18-2002 08:59 PM
Anybody who would like to help? Thanks.
04-22-2002 08:06 AM
You must permit outbound UDP packets (enabled by default) and permit ICMP packets in; these packets should be ICMP type 11, code 0 (time to live exceeded in transit) and ICMP type 3, code 3 (destination unreachable, port unreachable). For more information take a look at.
04-22-2002 06:10 PM
Hi fmadar,
Thanks for the white paper. It helped me analyze my configuration to achieve what I wanted, and I did!
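
An added example, not part of the original thread or any Cisco material: a small model of the case in the 04-22-2002 reply, showing which hops an outbound traceroute displays depending on which ICMP (type, code) pairs the firewall admits inbound. Assumptions: the filter is a stateless permit list on inbound ICMP, outbound probes are always allowed, and the hop addresses are constructed documentation IPs.

```python
# Constructed model: which ICMP replies an inbound filter must admit for an
# outbound traceroute to show every hop. Hop addresses are documentation IPs.
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.10"]  # last entry = destination

TIME_EXCEEDED = (11, 0)      # TTL exceeded in transit, sent by intermediate hops
PORT_UNREACHABLE = (3, 3)    # sent by the destination in answer to a UDP probe
ECHO_REPLY = (0, 0)          # sent by the destination in answer to an ICMP echo


def reply_for(hop_index, probe):
    """ICMP (type, code) that the hop at hop_index returns for this probe kind."""
    if hop_index < len(PATH) - 1:
        return TIME_EXCEEDED
    return PORT_UNREACHABLE if probe == "udp" else ECHO_REPLY


def permitted(reply, inbound_permits):
    """A permit entry is (type, code); code None matches any code of that type."""
    icmp_type, code = reply
    return any(t == icmp_type and c in (None, code) for t, c in inbound_permits)


def traceroute(probe, inbound_permits):
    """Return what the tracing host prints per hop: the hop address or '*'."""
    output = []
    for i, hop in enumerate(PATH):
        reply = reply_for(i, probe)
        output.append(hop if permitted(reply, inbound_permits) else "*")
    return output


# Permit lists (hypothetical names): echo/echo-reply only, as first suggested,
# and the same list plus the two error types named in the later reply.
ECHO_ONLY = [(8, None), (0, None)]
WITH_ERRORS = ECHO_ONLY + [(11, 0), (3, 3)]

if __name__ == "__main__":
    for name, rules in (("echo only", ECHO_ONLY), ("plus 11/0 and 3/3", WITH_ERRORS)):
        for probe in ("udp", "icmp"):
            print(f"{name:18} {probe:4} {traceroute(probe, rules)}")
```

With only types 8 and 0 admitted, a UDP-based trace shows asterisks at every hop and an ICMP-based trace shows only the destination; adding type 11 code 0 and type 3 code 3 makes every hop visible for both probe kinds.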