cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


16019
Views
15
Helpful
6
Replies

Tracert Same IP in multiple hops

Hello all,

Can you please help me to understand why i am gettign same IP repated in trace route:-

tracert 103.1.191.10

Tracing route to 103.1.191.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.10.10.10

  2    <1 ms    <1 ms    <1 ms  10.10.10.120

  3    <1 ms    <1 ms    <1 ms  19.20.146.241

  4     1 ms    <1 ms    <1 ms  38.100.34.8

  5   193 ms     3 ms   207 ms  66.250.10.1

  6     1 ms     1 ms     1 ms  15.54.30.225

  7     7 ms     7 ms     7 ms  15.54.42.30

  8     8 ms     8 ms     8 ms  15.54.47.30

  9     8 ms     7 ms     7 ms  66.28.4.229

10     8 ms     8 ms     8 ms  15.24.2.22

11     8 ms     8 ms     8 ms  38.104.73.198

12   226 ms   226 ms   226 ms  19.227.108.133

13   279 ms   281 ms   279 ms  14.30.1.42

14   274 ms   275 ms   278 ms  10.10.18.243

15   275 ms   275 ms   274 ms  10.10.18.243

16   277 ms   276 ms   274 ms  10.10.18.243

17   275 ms   275 ms   275 ms  10.10.18.243

18   275 ms   296 ms   275 ms  10.10.18.243

19   275 ms   275 ms   276 ms  10.10.18.243

20   275 ms   275 ms   275 ms  10.10.18.243

21   276 ms   275 ms   275 ms  10.10.18.243

22   276 ms   275 ms   275 ms  10.10.18.243

23   275 ms   275 ms   275 ms  10.10.18.243

24   275 ms   275 ms   276 ms  10.10.18.243

25   276 ms   276 ms   276 ms  10.10.18.243

26   276 ms   276 ms   276 ms  10.10.18.243

27   277 ms   276 ms   276 ms  10.10.18.243

28   277 ms   276 ms   276 ms  10.10.18.243

29   279 ms   299 ms   276 ms  10.10.18.243

30   276 ms   276 ms   277 ms  10.10.18.243

Trace complete.

Thanks in advance

Jagdev

6 REPLIES 6
Hall of Fame Master

Re: Tracert Same IP in multiple hops

The most likely cause is that the traffic is passing through a firewall with a global NAT rule at that point. Every returned packet from that point and beyond will have the NAT address, not the real IP of the hop that decremented the TTL and sent an icmp echo reply.

Highlighted

Tracert Same IP in multiple hops

Thanks Marvin,

Yes, you are right, there is global NAT and this IP 103.1.191.10  (Destination IP) NATed IP, on the same Firewall

10.10.18.243. Is there any fix available.

Thanks

Jagdev

Hall of Fame Master

Tracert Same IP in multiple hops

You're welcome,

If it is a Cisco ASA or Pix, the gloabl policy needs to be modified to accomodate traceroute. Cisco has an article on how to do so here.

Other vendors would need a similar remedy applied.

Please rate helpful responses.

Beginner

Hi Marvin,

Hi Marvin,

I am also getting the same issue but I have no firewall rather a router is doing NAT and a outside static nat is configured. But from inside it is showing all the nodes. Can you explain why this is happening ? For better understanding snapshot is given. Please let me know if you need more information. 

ip nat outside source static 20.20.20.20 100.100.100.5 ( Router 2)

Traceroute from outside PC

======================

PC>tracert 10.10.10.20

Tracing route to 10.10.10.20 over a maximum of 30 hops:

1 0 ms 1 ms 1 ms 20.20.20.1
2 0 ms 0 ms 0 ms 10.10.10.20 (Here we should see the Router 2 as next-hop. NAT is configured on R2)
3 1 ms 0 ms 1 ms 10.10.10.20
4 * 10 ms 0 ms 10.10.10.20

Trace complete.

Explorer

Re: Tracert Same IP in multiple hops

Link is broken

Explorer

Re: Tracert Same IP in multiple hops

MY-4506#traceroute 10.196.208.51
Type escape sequence to abort.
Tracing the route to 10.196.208.51
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.173.1 0 msec 4 msec 0 msec
2 10.196.208.51 148 msec 144 msec 128 msec
3 10.196.208.51 120 msec 136 msec 124 msec
4 10.196.208.51 128 msec 140 msec 120 msec
5 10.196.208.51 156 msec 156 msec 160 msec
6 10.196.208.51 156 msec 160 msec 164 msec
7 10.196.208.51 180 msec 176 msec 180 msec
8 10.196.208.51 180 msec 180 msec 180 msec
9 * *

 

Can anyone help? All the links with the answers are broken.