New Member

Allowing TRACEROUTE through PIX

What is required to allow a traceroute to go through the PIX firewall? I believe I have it setup correctly, but I'm still unable to trace through. It just times out when it gets to the firewall. Thanks.

4 REPLIES
New Member

Re: Allowing TRACEROUTE through PIX

Use this ACL applied to your outside interface.

access-list "ACLNAME" permit icmp any any time-exceeded

New Member

Re: Allowing TRACEROUTE through PIX

How do I apply that ACL to the interface? I can't find the command.

New Member

Re: Allowing TRACEROUTE through PIX

access-group "access list name" in interface outside

Gold

Re: Allowing TRACEROUTE through PIX

Just add the following to your outside interface:

access-list ACLNAME permit icmp any any echo-reply

access-list ACLNAME permit icmp any any unreachable

access-list ACLNAME permit icmp any any time-exceeded

access-group ACLNAME in interface outside

**ACLNAME can be anything you want for the outside interface**

save with write mem and also issue clear xlate

pls rate posts if it helps.
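Added example, not part of any reply in this thread: a small Python check that reads a PIX configuration, finds the ACL bound inbound to the outside interface, and reports which of the three ICMP types listed above are still missing. It also flags an untyped `permit icmp any any`, which admits every ICMP type rather than just these three. The function name `audit`, the ACL name `OUTSIDE_IN` and the sample configuration are constructed for illustration.

```python
import re

# ICMP types the replies above permit inbound so traceroute responses return.
REQUIRED = ("echo-reply", "unreachable", "time-exceeded")

ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+icmp\s+any\s+any(?:\s+(\S+))?\s*$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")

def audit(config, interface="outside"):
    """Return (acl_name, missing_types, untyped_permit) for `interface`."""
    typed = {}       # ACL name -> ICMP types permitted any -> any
    untyped = set()  # ACLs with 'permit icmp any any' and no type at all
    bound = None     # ACL applied inbound on the interface
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, icmp_type = m.groups()
            if icmp_type is None:
                untyped.add(name)
            else:
                typed.setdefault(name, set()).add(icmp_type)
            continue
        m = GROUP_RE.match(line)
        if m and m.group(2) == interface:
            bound = m.group(1)
    if bound is None:
        # No access-group on this interface: none of the permits take effect.
        return None, list(REQUIRED), False
    if bound in untyped:
        # Every ICMP type is allowed, so nothing is missing, but it is too broad.
        return bound, [], True
    have = typed.get(bound, set())
    return bound, [t for t in REQUIRED if t not in have], False

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
access-list OUTSIDE_IN permit icmp any any time-exceeded
access-list OUTSIDE_IN permit icmp any any echo-reply
access-list OUTSIDE_IN permit tcp any host 192.0.2.10 eq 80
access-group OUTSIDE_IN in interface outside
"""

if __name__ == "__main__":
    acl, missing, too_broad = audit(SAMPLE)
    print(f"ACL on outside: {acl}; missing: {missing}; untyped permit: {too_broad}")
```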
