Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
382
Views
0
Helpful
1
Replies

Traceroute problems

tamarix
Level 1
Level 1

‎02-06-2002 01:48 PM - edited ‎03-01-2019 08:22 PM

I have run into a problem that has me puzzled and wondered if anyone has seen this before.

I can not do a tracert from any desktop inside my network no matter what the destination. I can log onto a switch and do a traceroute from there or I can log into my gateway router and do successfull traceroutes from there but when I do them from any workstation the trace dies at the gateway. I have checked access-lists and am not blocking anything that I am trying to trace. I made sure that my router has ip classless enabled.

If I plug a computer into my dmz zone, outsdie of my firwall I can do a desktop trace just fine.

My gateway router is a 3640 running ver 12.1.(5)T (fc1) Rom Version 11.1(20)AA2. I am also running Lat and Decnet on this router. My firewall is a Pix running 5.1(2)

Also I have no access list restrictions on the Pix that would prevent traceroute from getting through. As I said, I can do a successfull trace from the Gateway router but anytime I try to do one from a server or workstation it times out at the gateway...

Any Ideas????

Labels:
0 Helpful
1 Reply 1

p.krane
Level 3
Level 3

‎02-12-2002 02:40 PM

ICMP is blocked by default at the PIX. Try adding:

conduit permit icmp any any echo-reply

conduit permit icmp any any unreachable

conduit permit icmp any any time-exceeded

and you might need:

conduit permit any any source-quench

Also, I think I remember some ICMP bugs back on the 5.1 platform so you might upgrade your PIX code if the problem still persists. Finally, use debug icmp trace on the PIX to troubleshoot ICMP issues.

0 Helpful
Customers Also Viewed These Support Documents