Cisco Support Community

New Member

Traceroute thru Pix

I am having some issues tracerouting thru the PIX. When I tracert from an interface with a security level of 99 thru to a segment behind the inside interface I get the following.

Tracing route to [222.192.101.12] over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms [222.192.101.12]

2 <10 ms <10 ms 16 ms [222.192.101.12]

3 <10 ms <10 ms 16 ms [222.192.101.12]

Trace complete.

So, it goes like this from a system off the sec99 interface:

sec99 segment =>Pix=>inside interface =>router=>private T1=>router=>222.192.101.12

Hopefully that didn't mess anyone up! But my question is what could be some causes of seeing my address for every hop of the tracert? My expectation is seeing 3 different addresses and mine being the 3rd.

Any help is appreciated and if anyone needs more information please let me know.

Thanks.

2 REPLIES
Cisco Employee

Re: Traceroute thru Pix

This is a known issue, CSCdv33352. Actually, this became a feature enhancement rather than a bug because the PIX was working as it was designed: basically, it NATs the ICMP packets as they get returned from each intermediate hop in the traceroute, and so to the originating host it looks like each intermediate hop is the PIX.

This is fixed in 6.3 code due out soon, although I think it will be configurable with a sysopt command or something similar. If you don't configure anything, the PIX will continue to work as it always has.
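A check for the symptom discussed in this thread, added here as an example and not part of any post: it parses Windows tracert output and reports intermediate hops that answer with the destination's own address. The function names and the embedded sample (modelled on the output in the question) are constructed for illustration.

```python
import re

# Constructed sample in Windows tracert format, modelled on the question's output.
SAMPLE = """\
Tracing route to [222.192.101.12] over a maximum of 30 hops:

  1   <10 ms   <10 ms   <10 ms  [222.192.101.12]
  2   <10 ms   <10 ms    16 ms  [222.192.101.12]
  3   <10 ms   <10 ms    16 ms  [222.192.101.12]

Trace complete.
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Header: optional hostname, then the target address with or without brackets.
HEADER_RE = re.compile(r"Tracing route to .*?\[?" + IP + r"\]?\s*over")
# Hop line: hop number, three probe results ("<10 ms", "16 ms" or "*"), responder.
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")

def parse_tracert(text):
    """Return (target_ip, [(hop_number, responder_ip_or_None), ...])."""
    target, hops = None, []
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            target = m.group(1)
            continue
        m = HOP_RE.match(line)
        if m:
            ip = re.search(IP, m.group(3))  # None for "Request timed out."
            hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return target, hops

def masked_hops(text):
    """Hop numbers before the final hop whose responder equals the target.

    A non-empty result means something on the path rewrote the source of the
    ICMP replies, so the trace does not show the real intermediate routers.
    """
    target, hops = parse_tracert(text)
    if target is None or not hops:
        return []
    last = hops[-1][0]
    return [n for n, ip in hops if n < last and ip == target]

if __name__ == "__main__":
    print("hops reporting the target's address:", masked_hops(SAMPLE))
```
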

New Member

Re: Traceroute thru Pix

Thanks for the reply.
