Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Trace routes

I have been trying to run trace routes from my site to the internet and every time it never makes it past my 3640 router. Our connection to the internet is firewalled with a PIX 520. What could be the cause?

Thanks

4 REPLIES
VIP Purple

Re: Trace routes

Hello,

your PIX is probably blocking ICMP (Ping & Traceroute) traffic, most firewalls do. Check the PIX log for any dropped ICMP traffic from your source address.

Regards,

Georg

Community Member

Re: Trace routes

I took out three lines from my pix.

access-list xxxxxx deny icmp any any echo

access-list xxxxxx deny icmp any any echo-reply

access-list xxxxxx deny icmp any any

Still does not work....any ideas. Could it be the ISP?

Community Member

Re: Trace routes

It appears as though you have ICMP denied . get that out of your firewall and you should be fine..

Community Member

Re: Trace routes

Are you running MPLS somewhere in your network?, if your pings are working OK, but the tracert, could be because there are MPLS features enabled..

HTH

96
Views
0
Helpful
4
Replies
CreatePlease to create content