Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Traceroute through Pix501 still not working...

Hi

I've got a pix 501 and I've permitted ALL icmp through the outside and inside access-lists, yet traceroute through this firewall still does not work, it just shows stars for all hops past the pix until the actual final destination. I've read a ton of info on this and everyone just says to allow ICMP time-exceeded and echo-reply which my permit icmp any any should cover, right? Anything else I should check? Thanks

Jason

2 REPLIES
Cisco Employee

Re: Traceroute through Pix501 still not working...

on the outside access-list if you are permitting icmp any any then it covers all the icmp types

are you sure the upstream router not blocking any icmp type ?

does it work bypassing the pix ?

New Member

Re: Traceroute through Pix501 still not working...

Great, thanks very much! It turns out one of our admins had blocked the icmp time-exceeded msg from the router between myself and the pix...so the pix was fine, but the router was breaking traceroute. Thanks!

Jason

310
Views
0
Helpful
2
Replies