Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

enable traceroute

Sorry I'm new to all this but how do I enable my Pix-525 V7.0 to allow traceroute so I can see if my packets are going over the Pix? Thank you in adavance

3 REPLIES

Re: enable traceroute

Hi Warren,

In your outside interface ACL, allow the following icmp type:

unreachable

time-exceeded

echo-reply

Rgds,

AK

New Member

Re: enable traceroute

on my outside ACL I have put icmp any any would that be the same?

Gold

Re: enable traceroute

hostname(config)# access-list ICMPACL extended permit icmp any any

hostname(config)# access-group ICMPACL in interface outside

To enable the ICMP inspection engine, so ICMP responses are allowed back to the source host, enter the following commands:

hostname(config)# class-map ICMP-CLASS

hostname(config-cmap)# match access-list ICMPACL

hostname(config-cmap)# policy-map ICMP-POLICY

hostname(config-pmap)# class ICMP-CLASS

hostname(config-pmap-c)# inspect icmp

hostname(config-pmap-c)# service-map ICMP-POLICY global

Hope this helps...

105
Views
0
Helpful
3
Replies