02-13-2003 12:50 PM - edited 02-20-2020 10:33 PM
I am having some issues tracerouting thru the PIX. When I tracert from a interface with a security level of 99 thru to a segment behind the inside interface I get the following.
Tracing route to [222.192.101.12]over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms [222.192.101.12]
2 <10 ms <10 ms 16 ms [222.192.101.12]
3 <10 ms <10 ms 16 ms [222.192.101.12] Trace complete.
So, it goes like this from a system off the sec99 interface:
sec99 segment =>Pix=>inside interface =>router=>private T1=>router=>222.192.101.12
Hopefully that didn't mess anyone up! But my question is what could be some causes of seeing my address for every hop of the tracert? My expectation is seeing 3 different addresses and mine being the 3rd.
Any help is appreciated and if anyone needs more information please let me know.
Thanks.
02-13-2003 03:40 PM
This is a known issue, CSCdv33352. Actually this became a feature enhancement rather than a bug because the PIX was working as it was designed, basically it NAT's the ICMP packets as they get returned from each intermediate hop in the traceroute, and so to the originating host it looks like each intermediate hop is the PIX.
This is fixed in 6.3 code due out soon, although I think it will be configurable with a sysopt command or something similar. If you don't configure anything, the PIX will continue to work as it always has.
02-14-2003 06:39 AM
thanks for the reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide