Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
3
Replies

enable traceroute

Warren
Level 1
Level 1

‎06-20-2006 09:02 AM - edited ‎03-09-2019 03:19 PM

Sorry I'm new to all this but how do I enable my Pix-525 V7.0 to allow traceroute so I can see if my packets are going over the Pix? Thank you in adavance

Labels:
0 Helpful
3 Replies 3

a.kiprawih
Level 7
Level 7

‎06-20-2006 11:24 AM

Hi Warren,

In your outside interface ACL, allow the following icmp type:

unreachable

time-exceeded

echo-reply

Rgds,

AK

0 Helpful

Warren
Level 1
Level 1
In response to a.kiprawih

‎06-21-2006 04:39 AM

on my outside ACL I have put icmp any any would that be the same?

0 Helpful

jmia
Level 7
Level 7
In response to Warren

‎06-21-2006 06:02 AM

hostname(config)# access-list ICMPACL extended permit icmp any any

hostname(config)# access-group ICMPACL in interface outside

To enable the ICMP inspection engine, so ICMP responses are allowed back to the source host, enter the following commands:

hostname(config)# class-map ICMP-CLASS

hostname(config-cmap)# match access-list ICMPACL

hostname(config-cmap)# policy-map ICMP-POLICY

hostname(config-pmap)# class ICMP-CLASS

hostname(config-pmap-c)# inspect icmp

hostname(config-pmap-c)# service-map ICMP-POLICY global

Hope this helps...

0 Helpful
Customers Also Viewed These Support Documents