Trace routes

Unanswered Question
Jan 8th, 2004
User Badges:

I have been trying to run trace routes from my site to the internet and every time it never makes it past my 3640 router. Our connection to the internet is firewalled with a PIX 520. What could be the cause?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Georg Pauwen Thu, 01/08/2004 - 12:39
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 WAN

Hello,


your PIX is probably blocking ICMP (Ping & Traceroute) traffic, most firewalls do. Check the PIX log for any dropped ICMP traffic from your source address.


Regards,


Georg

ethutchinson Thu, 01/08/2004 - 13:38
User Badges:

I took out three lines from my pix.


access-list xxxxxx deny icmp any any echo

access-list xxxxxx deny icmp any any echo-reply

access-list xxxxxx deny icmp any any


Still does not work....any ideas. Could it be the ISP?

bisys_chh Sat, 01/10/2004 - 06:36
User Badges:

It appears as though you have ICMP denied . get that out of your firewall and you should be fine..

jresendizz Sat, 01/10/2004 - 10:28
User Badges:

Are you running MPLS somewhere in your network?, if your pings are working OK, but the tracert, could be because there are MPLS features enabled..

HTH

Actions

This Discussion