I've got a pix 501 and I've permitted ALL icmp through the outside and inside access-lists, yet traceroute through this firewall still does not work, it just shows stars for all hops past the pix until the actual final destination. I've read a ton of info on this and everyone just says to allow ICMP time-exceeded and echo-reply which my permit icmp any any should cover, right? Anything else I should check? Thanks
Re: Traceroute through Pix501 still not working...
Great, thanks very much! It turns out one of our admins had blocked the icmp time-exceeded msg from the router between myself and the pix...so the pix was fine, but the router was breaking traceroute. Thanks!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...