Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trace command in PIX v7.0

Hi,

By default trace/traceroute can't be executed in pix/asa. But i believe it can be enabled.

Can someone suggest me with the sample config of the same!!

The running iOS version is 7.0

1 REPLY

Re: Trace command in PIX v7.0

Partha,

Try one of these two methods.

1-

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any source-quench

access-list 101 permit icmp any any unreachable

access-list 101 permit icmp any any time-exceeded

access-group 101 in interface outside

or

2-

policy-map global_policy

class inspection_default

inspect icmp

Check this link for more details on PIX/ASA ICMP and traceroutes handling.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

Rgds

Jorge

97
Views
0
Helpful
1
Replies