
Trace route giving asterisk alone

imabbas.ece1
Level 1

Hi All,

When I am trying to do a traceroute from one location to the data center it's giving asterisks alone, but when I try to do the same from HQ to the location I am getting the expected result. Kindly help me understand this better. I googled as well but didn't get any answer.

Loaction01#traceroute x.x.x.x
Type escape sequence to abort.
Tracing the route to x.x.x.x
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 *

5 Replies

Mark Malone
VIP Alumni

Hi

Your ISP may block it if it's going through a firewall or MPLS network; they may not want you to see the path. Ask them to open it up so you can see all hops from source to destination; give them the source and destination IP and an example of what you're seeing.

We have the same issue with one of the global ISPs: they have their MPLS paths blocked when tracing through their network, and we had to get them to open it up. It actually happened after they upgraded their core Alcatel boxes.

Thanks for your reply. If that is the case, then my reverse path, i.e. from my HQ to that location, is providing a clear expected traceroute till the end. How is this working then? Kindly share your input.

Then it may not be the MPLS provider; there may be a device in the path, a firewall / IDS, that's only blocking ICMP traceroutes one way. It could even be the router with an ACL in place not allowing it out.

Though I know, but not sure, so for confirmation I have posted this. Excuse me, I didn't give much info. It's a VPN IPsec link.

So from the HQ side all is working fine as expected. I am sure that the ACL is not blocking because I am the one who manages both sides. On the branch side there is the VPN router, then the Internet router. In between there might be a firewall, so I am not sure about the firewall. Let me work on that and update. Anyhow, thanks for your reply. So nice of you.

OK, but if you're tracing through the IPsec tunnel you would need to allow ICMP through in the ACL which allows the interesting traffic through the tunnel or it will be blocked by default. Only traffic that's specifically set, including ICMP, needs to be allowed if you're trying to trace through the tunnel itself. As well, the PC you're tracing from would need to be in that subnet too, or else the traffic won't go through the IPsec and will show *** as it's encrypted so it won't show the actual hops.
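Added example, not part of the thread and not Cisco's code: a small checker for the point in the last reply, deciding whether a traceroute probe matches the crypto ACL (interesting traffic) and so enters the IPsec tunnel at all. The ACL lines, addresses and function names are constructed for illustration; it relies on IOS traceroute sending UDP probes by default while Windows tracert sends ICMP echo.

```python
import ipaddress

# Constructed crypto ACL for the branch router (not taken from the thread).
# Only the plain "<action> <proto> <src> <wildcard> <dst> <wildcard>" form is handled.
CRYPTO_ACL = """
permit icmp 10.1.1.0 0.0.0.255 10.0.0.0 0.0.255.255
permit tcp 10.1.1.0 0.0.0.255 10.0.0.0 0.0.255.255
"""

def _match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse_acl(text):
    """Split each ACL line into (action, proto, src, src_wc, dst, dst_wc)."""
    return [tuple(line.split()) for line in text.strip().splitlines()]

def tunnel_decision(entries, proto, src, dst):
    """First match wins. In a crypto ACL, permit means 'protect with IPsec';
    deny or no match means the packet is not sent through the tunnel."""
    for action, acl_proto, s, s_wc, d, d_wc in entries:
        if acl_proto in ("ip", proto) and _match(src, s, s_wc) and _match(dst, d, d_wc):
            return "encrypt" if action == "permit" else "bypass"
    return "bypass"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    acl = parse_acl(CRYPTO_ACL)
    probes = [  # constructed probes toward a data-center host
        ("PC in branch LAN, tracert (ICMP)", "icmp", "10.1.1.25", "10.0.5.10"),
        ("router LAN address, traceroute (UDP)", "udp", "10.1.1.1", "10.0.5.10"),
        ("router WAN address, ICMP", "icmp", "203.0.113.2", "10.0.5.10"),
    ]
    for label, proto, src, dst in probes:
        print(f"{label:40s} -> {tunnel_decision(acl, proto, src, dst)}")
```

A "bypass" result means the probe leaves outside the tunnel, where a private destination is normally unreachable, which is consistent with a column of asterisks from one side only.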