Traceroute thru Pix

b-pelphrey
Level 1

I am having some issues tracerouting thru the PIX. When I tracert from an interface with a security level of 99 thru to a segment behind the inside interface, I get the following.

Tracing route to [222.192.101.12] over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms [222.192.101.12]

2 <10 ms <10 ms 16 ms [222.192.101.12]

3 <10 ms <10 ms 16 ms [222.192.101.12]

Trace complete.

So, it goes like this from a system off the sec99 interface:

sec99 segment =>Pix=>inside interface =>router=>private T1=>router=>222.192.101.12

Hopefully that didn't mess anyone up! But my question is what could be some causes of seeing my address for every hop of the tracert? My expectation is seeing 3 different addresses and mine being the 3rd.

Any help is appreciated and if anyone needs more information please let me know.

Thanks.

2 Replies

gfullage
Cisco Employee

This is a known issue, CSCdv33352. Actually this became a feature enhancement rather than a bug because the PIX was working as it was designed. Basically, it NATs the ICMP packets as they get returned from each intermediate hop in the traceroute, and so to the originating host it looks like each intermediate hop is the PIX.

This is fixed in 6.3 code due out soon, although I think it will be configurable with a sysopt command or something similar. If you don't configure anything, the PIX will continue to work as it always has.
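The symptom in this thread can be checked for mechanically. The following is an added example, not code from either poster or from Cisco: it parses Windows `tracert` output and lists the hops before the last one that answer with the traced target's own address, which is the pattern shown in the question. The function names are hypothetical, and the second trace is constructed with documentation addresses for comparison.

```python
import re

# One Windows tracert hop line: hop number, three RTT-or-timeout columns, responder.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+\s*ms|\*)\s+){3}(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# The trace quoted in the question above.
PAGE_TRACE = """\
Tracing route to [222.192.101.12] over a maximum of 30 hops:
  1 <10 ms <10 ms <10 ms [222.192.101.12]
  2 <10 ms <10 ms 16 ms [222.192.101.12]
  3 <10 ms <10 ms 16 ms [222.192.101.12]
Trace complete."""

# Constructed comparison trace (RFC 5737 documentation addresses), one hop timing out.
NORMAL_TRACE = """\
Tracing route to 192.0.2.50 over a maximum of 30 hops
  1     1 ms    <1 ms     1 ms  198.51.100.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    12 ms  192.0.2.50
Trace complete."""


def parse_tracert(text):
    """Return (target_ip, [(hop_number, responder_ip_or_None), ...])."""
    target, hops = None, []
    for line in text.splitlines():
        if line.strip().lower().startswith("tracing route to"):
            found = IP_RE.search(line)
            target = found.group(0) if found else None
            continue
        hop = HOP_RE.match(line)
        if hop:
            found = IP_RE.search(hop.group(2))
            # A timed-out hop has no responder address.
            hops.append((int(hop.group(1)), found.group(0) if found else None))
    return target, hops


def masked_hops(text):
    """Hop numbers, excluding the final hop, whose reply carries the target's address."""
    target, hops = parse_tracert(text)
    return [n for n, ip in hops[:-1] if ip is not None and ip == target]


if __name__ == "__main__":
    print("page trace, masked hops:", masked_hops(PAGE_TRACE))
    print("normal trace, masked hops:", masked_hops(NORMAL_TRACE))
```

A non-empty result means intermediate replies arrived carrying the destination's address, so the path through the firewall cannot be read from that trace.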

Thanks for the reply.
