Cisco Support Community
Community Member

Cannot trace to hosts on ISR's using FW feature set

The issue is that we can trace between networking equipment on tunnels involving the ISR routers using the Firewall feature set, but we cannot trace to hosts. For example, from (US)AS1, I can trace to (UK)CS1's 192.168.1.2 IP address, but not to a host that I find in the ARP table for that VLAN. I have added ICMP TTL exceeded and TTL time-outs to the ACLs, but it still does not work. Any help would be greatly appreciated.

1 ACCEPTED SOLUTION

Community Member

Elijay, you stated that you are using ISRs. Are you perhaps running inspection? If so, you may want to check your ICMP rules for router-traffic and timeouts. You may want to increase the timeout setting.

2 REPLIES
Community Member

We were able to fix the traceroute problem by increasing the inspection timeout value to 20:

ip inspect name insp-outbound icmp timeout 20

Thanks, hunt-j.
