Cisco Support Community
New Member

traceroute from the router with Zone Based Firewall

Hi experts,

I've configured a Zone Based firewall on my 871 router with the latest IOS 12.4(24)T. My problem is that when I apply

zone-pair internet-self source internet destination self

I can't receive any traceroute responses from the router. When I run traceroute from a Windows PC behind the router, everything is OK. I checked on the net and I found that Cisco IOS is using UDP traceroute and Windows uses TCP tracert. That's why I have permitted all ICMP from outside to the router, but it still doesn't work.

I'm attaching part of my config. Please help!!!

Thanks in advance.

Best Regards.

Tihomir Yosifov

IT support

3 REPLIES
Anonymous
N/A

Re: traceroute from the router with Zone Based Firewall

If you are not able to successfully ping to an address it may be due to:

1) Routing issue

2) Interface Down

3) Access-list Command

4) Address Resolution Protocol (ARP) Issue

5) Delay

6) Correct Source Address

New Member

Re: traceroute from the router with Zone Based Firewall

First thing I would say about these zone based firewalls is stay a million miles away from them. They are horrible pieces of kit. Just get an ASA 5505 instead.

Secondly, turn off inspect for icmp and that should resolve your issue.
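
Added example, not part of any post in this thread: one way to apply the suggestion above is to handle the ICMP replies to the router's UDP traceroute probes (time-exceeded from intermediate hops, port-unreachable from the destination) with `pass` instead of `inspect` on the internet-to-self zone pair. The ACL, class-map and policy-map names are assumptions; only the zone-pair name and the zones come from the original question.

```cisco
! Assumed names: ACL-SELF-ICMP-REPLIES, CM-SELF-ICMP-REPLIES, PM-INTERNET-SELF
!
! ICMP messages that answer traffic the router itself originated
ip access-list extended ACL-SELF-ICMP-REPLIES
 remark hops along the path answering a traceroute probe
 permit icmp any any time-exceeded
 remark final destination answering a UDP traceroute probe
 permit icmp any any port-unreachable
 remark replies to pings sent from the router
 permit icmp any any echo-reply
!
class-map type inspect match-any CM-SELF-ICMP-REPLIES
 match access-group name ACL-SELF-ICMP-REPLIES
!
policy-map type inspect PM-INTERNET-SELF
 ! stateless pass for the ICMP replies, no inspection
 class type inspect CM-SELF-ICMP-REPLIES
  pass
 ! keep the other classes your existing internet-to-self policy already has
 ! (management access, VPN, DHCP client and so on) above class-default
 class class-default
  drop
!
zone-pair security internet-self source internet destination self
 service-policy type inspect PM-INTERNET-SELF
```

Because `pass` is stateless, these three ICMP types reach the router from any internet source whether or not a probe was sent; all other ICMP towards the self zone falls through to the remaining classes of the policy.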

New Member

Re: traceroute from the router with Zone Based Firewall

Hi, I can ping successfully, but the problem is that the traceroute is not successful. The traceroute in a Cisco router is kind of different than tracert from a Windows machine! I guess that is the problem.

Thanks.
