04-17-2002 08:05 PM - edited 03-08-2019 10:21 PM
Hi,
Whenever a client does a trace from their network to one of their servers colocated on our network, an asterisk appears just where the IP of that server should appear. Those servers are all behind a Pix535. Obviously the Pix blocks such requests. I wonder what port I should open to get the desired result. Any help will be greatly appreciated.
04-17-2002 08:27 PM
PC traceroute or tracert uses ICMP. You need to permit ICMP type 8 and type 0 (echo and echo-reply).
04-17-2002 10:13 PM
Hi,
I have actually done exactly what you suggest. I permitted ICMP type 0 and 8 on both interfaces (outside and perimeter1) since I am doing a static NAT from perimeter1 to the outside interface. But traceroute still doesn't go through. Any more ideas? Thanks...
04-18-2002 08:59 PM
Anybody who would like to help? Thanks.
04-22-2002 08:06 AM
You must permit outbound UDP packets (enabled by default) and permit ICMP packets in. These packets should be ICMP type 11, code 0 (time to live exceeded in transit) and ICMP type 3, code 3 (destination unreachable, port unreachable). For more information take a look at.
04-22-2002 06:10 PM
Hi fmadar,
Thanks for the white paper. It helped me analyze my configuration to achieve what I wanted, and I did!
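
The difference between the two ICMP permit lists discussed in this thread, as an added example that is not part of any poster's message or of Cisco's documentation. It parses constructed ICMP reply headers and shows which hops print as `*` under each list. It assumes the filter is applied to replies travelling back toward the tracing host, and the hop names are hypothetical.

```python
import struct

# ICMP (type, code) pairs named in the thread; code None matches any code.
ECHO_ONLY = {(8, None), (0, None)}           # first suggestion: echo / echo-reply
WITH_ERRORS = ECHO_ONLY | {(11, 0), (3, 3)}  # plus TTL exceeded and port unreachable

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, payload=b""):
    """Constructed sample message: 8-byte header (rest-of-header zeroed) plus payload."""
    hdr = struct.pack("!BBHI", icmp_type, code, 0, 0)
    return struct.pack("!BBHI", icmp_type, code, checksum(hdr + payload), 0) + payload

def parse_icmp(msg):
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    if checksum(msg) != 0:  # a valid message sums to zero with its checksum included
        raise ValueError("bad ICMP checksum")
    icmp_type, code = struct.unpack("!BB", msg[:2])
    return icmp_type, code

def permitted(msg, policy):
    t, c = parse_icmp(msg)
    return (t, c) in policy or (t, None) in policy

def trace(replies, policy):
    """What the tracing host prints per hop: the hop name, or '*' if the reply is filtered."""
    return [name if permitted(msg, policy) else "*" for name, msg in replies]

# Constructed replies to a UDP-probe traceroute: routers answer with
# time exceeded, the destination answers with port unreachable.
UDP_TRACE = [("router-1", build_icmp(11, 0)), ("router-2", build_icmp(11, 0)),
             ("server", build_icmp(3, 3))]
# Constructed replies to an ICMP-echo trace (Windows tracert): destination sends echo reply.
ECHO_TRACE = [("router-1", build_icmp(11, 0)), ("router-2", build_icmp(11, 0)),
              ("server", build_icmp(0, 0))]

if __name__ == "__main__":
    for label, policy in (("echo only", ECHO_ONLY), ("with errors", WITH_ERRORS)):
        print(label, trace(UDP_TRACE, policy), trace(ECHO_TRACE, policy))
```

With only types 0 and 8 permitted, a UDP-probe trace loses every reply, while an echo-based trace still loses the intermediate hops.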