04-02-2008 06:29 AM - edited 03-11-2019 05:25 AM
Hi
I've got a PIX 501 and I've permitted ALL ICMP through the outside and inside access-lists, yet traceroute through this firewall still does not work; it just shows stars for all hops past the PIX until the actual final destination. I've read a ton of info on this and everyone just says to allow ICMP time-exceeded and echo-reply, which my permit icmp any any should cover, right? Anything else I should check? Thanks
Jason
04-02-2008 07:30 AM
On the outside access-list, if you are permitting icmp any any then it covers all the ICMP types.
Are you sure the upstream router is not blocking any ICMP type?
Does it work bypassing the PIX?
04-02-2008 07:45 AM
Great, thanks very much! It turns out one of our admins had blocked the ICMP time-exceeded msg from the router between myself and the PIX... so the PIX was fine, but the router was breaking traceroute. Thanks!
Jason
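An added example, not part of the original thread: a small Python check that flags the symptom described above (intermediate hops silent while the destination answers) in saved traceroute output and names the hops to inspect first. The sample output, its documentation-range addresses, and the function names `parse_hops` and `diagnose` are constructed for illustration.

```python
import re

# Constructed sample output reproducing the symptom in the thread; the
# addresses are documentation-range placeholders, not values from the post.
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  1.2 ms  1.1 ms  1.0 ms
 2  * * *
 3  * * *
 4  203.0.113.10  22.4 ms  22.1 ms  22.3 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(text):
    """Return [(ttl, responder_ip_or_None)] for each numbered hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(m.group(2))
            hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops

def diagnose(text):
    """Classify a trace; 'suspects' are the hop TTLs to check for ICMP filtering."""
    hops = parse_hops(text)
    if not hops:
        return {"symptom": "no-data", "suspects": []}
    answered = [ttl for ttl, ip in hops if ip]
    silent = [ttl for ttl, ip in hops[:-1] if ip is None]
    if hops[-1][1] is None:
        return {"symptom": "destination-silent", "suspects": answered[-1:]}
    if not silent:
        return {"symptom": "ok", "suspects": []}
    # The destination replied, so probes and the final reply get through; only
    # the time-exceeded replies from intermediate hops are lost. Heuristic:
    # check the last hop that answered before the gap, then the first silent hop.
    before_gap = [t for t in answered if t < silent[0]]
    return {"symptom": "time-exceeded-lost",
            "suspects": before_gap[-1:] + [silent[0]]}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The suspect list is a starting point only: the device dropping time-exceeded can be any filter on the return path, which is why the thread's fix was found on a router rather than on the PIX.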