Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE - Traceroute showing same IP for each hop

I'm having problems with traceroute on my servers sitting behind our ACE module. The module is in routed mode and is performing all NAT to the Internet.

When I try to traceroute to any external IP, each hops answer has the same IP address (final destination IP).

Servers not behind the ACE do not have this problem.

I've turned ICMP-Guard off and opened ICMP up on every interface with an permit icmp any any ACL.

Any help would be appreciated.

7 REPLIES
Bronze

Re: ACE - Traceroute showing same IP for each hop

Hi,

you need to configure ICMP inspection to fix this behavior. I will have a look at my config and paste an example once i am back in the office. But yes you can get rid of it. :)

Roble

Bronze

Re: ACE - Traceroute showing same IP for each hop

You have to configure...

!-ACL defining ICMP-

access-list ICMP line 10 extended permit icmp any any

!-Class Map referencing ACL-

class-map match-all ICMP-INSPECT-L4CLASS

description ICMP fixup - L4 Class

2 match access-list ICMP

!-LB Policy which is applied on your client side vlan.

!-Add the class statement and switch on imcp inspection

policy-map multi-match L4-SLB-POLICY

class ICMP-INSPECT-L4CLASS

inspect icmp error

!-Client Side VLAN-

!-Apply the service police otherwise use your existing policy-

interface vlan 3104

service-policy input L4-SLB-POLICY

Hope it helps

Roble

New Member

Re: ACE - Traceroute showing same IP for each hop

Hmmm, funny thing. I had the same problem. Looked every where to find a solution, and then came here before opening a TAC. Going to try out the solution given above in a couple of days after the weekend. AW, thanks a lot for sharing the experience.

Any idea why the ACE modify the source ip of the "TTL expired in transit" packets when traversing through it ????

New Member

Re: ACE - Traceroute showing same IP for each hop

has anyone else had this problem ? I would like to find out the reason behind this

New Member

Re: ACE - Traceroute showing same IP for each hop

I tried this solution but it didn't work. Then i issued a "show access-list ICMP"

and the ACE says that the status of the ICMP access-list is "not active"

Attached is my config. Can some one help me debug this pls

Din

New Member

ACE - Traceroute showing same IP for each hop

I know you first dealt with this years ago but I have just experienced it for the first time with an ACE30 running 5.2.1 code.  Your solution fixed the issue but I am curious if you ever discovered why it is happening.  I am working with Cisco currently but they have failed to provide a reasonable explanantion as to why this happens with the ACE module.

Thanks

Tony

ACE - Traceroute showing same IP for each hop

Hi All,

Could you provide an output showing exactly you guys mean?

Jorge

3430
Views
0
Helpful
7
Replies