07-10-2017 05:43 AM - edited 03-08-2019 11:15 AM
Hi All,
When I try to do a traceroute from one location to the data center, it gives asterisks alone, but when I try the same from HQ to the location I get the expected result. Kindly help me understand this better. I googled as well but didn't get any answer.
Loaction01#traceroute x.x.x.x
Type escape sequence to abort.
Tracing the route to x.x.x.x
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 *
07-10-2017 06:10 AM
Hi
Your ISP may block it if it's going through a firewall or MPLS network; they may not want you to see the path. Ask them to open it up so you can see all hops from source to destination. Give them the source and destination IP and an example of what you're seeing.
We have the same issue with one of the global ISPs: they have their MPLS paths blocked when tracing through their network, and we had to get them to open it up. It actually happened after they upgraded their core Alcatel boxes.
07-10-2017 07:24 AM
Thanks for your reply. If that is the case, then my reverse path, i.e. from my HQ to that location, is providing a clear, expected traceroute till the end. How is this working then? Kindly share your input.
07-10-2017 07:30 AM
Then it may not be the MPLS provider. There may be a device in the path (firewall / IDS) that's only blocking ICMP traceroutes one way; it could even be the router with an ACL in place not allowing it out.
07-10-2017 10:00 AM
Though I know, I am not sure, so I have posted this for confirmation. Excuse me, I didn't give much info. It's a VPN IPsec link.
So from the HQ side all is working fine as expected. I am sure that the ACL is not blocking because I am the one who manages both sides. On the branch side there is the VPN router, then the Internet router. In between there might be a firewall, so I am not sure about the firewall. Let me work on that and update. Anyhow, thanks for your reply. So nice of you.
07-11-2017 06:26 AM
OK, but if you're tracing through the IPsec tunnel you would need to allow ICMP through in the ACL which allows the interesting traffic through the tunnel, or it will be blocked by default. Only traffic that's specifically set, including ICMP, needs to be allowed if you're trying to trace through the tunnel itself. As well, the PC you're tracing from would need to be in that subnet too, or else the traffic won't go through the IPsec and will show *** as it's encrypted, so it won't show the actual hops.
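Added example, not part of the thread or any poster's code: a small Python model of the interesting-traffic check the last reply describes, reporting whether a trace probe would be selected for the IPsec tunnel and, if not, which of the two conditions failed. The ACL entries, addresses and function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed crypto ACLs: (action, protocol, source net, destination net).
# Branch LAN 10.1.1.0/24, HQ LAN 10.0.0.0/24 (assumed addressing).
ACL_TCP_ONLY = [
    ("permit", "tcp", "10.1.1.0/24", "10.0.0.0/24"),
]
ACL_WITH_ICMP = ACL_TCP_ONLY + [
    ("permit", "icmp", "10.1.1.0/24", "10.0.0.0/24"),
]

def diagnose(acl, proto, src, dst):
    """First-match evaluation with an implicit deny at the end.

    Returns "encrypt" when the packet is interesting traffic for the
    tunnel, otherwise "bypass: <reason>".
    """
    s, d = ip_address(src), ip_address(dst)
    subnets_matched = False
    for action, a_proto, a_src, a_dst in acl:
        if s in ip_network(a_src) and d in ip_network(a_dst):
            if a_proto in ("ip", proto):  # "ip" covers every protocol
                return "encrypt" if action == "permit" else "bypass: denied by ACL"
            subnets_matched = True  # right subnets, wrong protocol
    if subnets_matched:
        return f"bypass: {proto} not permitted between these subnets"
    return "bypass: source/destination outside the protected subnets"

if __name__ == "__main__":
    cases = [
        # ICMP from a branch PC, ACL lists only TCP
        (ACL_TCP_ONLY, "icmp", "10.1.1.50", "10.0.0.10"),
        # Same probe once ICMP is added to the ACL
        (ACL_WITH_ICMP, "icmp", "10.1.1.50", "10.0.0.10"),
        # Probe sourced from an address outside the branch subnet
        (ACL_WITH_ICMP, "icmp", "192.0.2.1", "10.0.0.10"),
    ]
    for acl, proto, src, dst in cases:
        print(f"{proto} {src} -> {dst}: {diagnose(acl, proto, src, dst)}")
```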