unsuccessful in tracert to gateway

srikanth ath · ‎12-05-2011

Hi experts

here i have problem when i telnet from different switches to sonicwall gateway 10.10.10.1

here i have provided all possible attacehed files for the troubleshoot.

my network set up in short and dirty way

branch office(vlan99)-------------fibre-----------------L3switch(main office)--------sonicwallfirewall-----internet

when i try to ping and tracert to sonicwall gateway 10.10.10.1, here is the response

1. from L3switch ping fine traceroute not reaching gateway

2. from branch office i have 3 L2 switches all in vlan99

ping is fine traceroute not reaching gateway of sonicwall

below attached files i have provided the network diagram(the vlan inf. provided is wrong in the diagram)

can you please guide me on this..

THanks & regards

srikanth

srikanth ath · ‎12-06-2011

Need support of u guys..

do i have to provide more information, other than above.

Thanks & regards

srikanth

cadet alain · ‎12-06-2011

Hi,

don't forget the traceroute in IOS is not implemented like in Windows.It is sending UDP packets with increasing TTL to a high port number and the destination should respond with a icmp port-unreachable message.

So the problem surely lies on the SonicWall device.

Regards.

Alain

Don't forget to rate helpful posts.

sandrabacic · ‎12-06-2011

Check SonicWall FW antispoofing.

srikanth ath · ‎12-06-2011

Hi alain..

can you explain me this clearly i dint understand somehow in a technical way.

It is sending UDP packets with increasing TTL to a high port number and the destination should respond with a icmp port-unreachable message

Thanks & regards

srikanth

cadet alain · ‎12-06-2011

Hi,

Cisco uses the same implementation as Unix/linuxes

http://ccie20728.wordpress.com/2008/12/01/ciscos-traceroute-implementation/

Windows Implementation on the contrary only relies on icmp echo-requests to do the traceroute.

Regards.

Alain.

Don't forget to rate helpful posts.

srikanth ath · ‎12-06-2011

HI alain

thanks for the explanation

when i ping from L3 switch to Sonicwall . the packets are dropped and achieved 99% success.

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!

Success rate is 99 percent (996/1000), round-trip min/avg/max = 1/1/51 ms

Switch#

and the reason behind this. sorry if im giving u pain.

thanks

srikanth

cadet alain · ‎12-06-2011

Hi,

Maybe icmp rate-limiting on the Soniwall.

Regards.

Alain

Don't forget to rate helpful posts.

sleepyshark · ‎12-06-2011

Need a little more troubleshooting information to help on this, please provide the following:

What subnet/VLAN is your L3 switches on?
What subnet are your computers on?
Are you able to ping PAST the sonicwall (externally)
If your computers are not on the same subnet as your Sonicwall, do you have the appropriate routing for the additional subnet added?
Can you see ICMP traffic on the Sonicwall packet monitors?

I am very intimately involved with Sonicwall and their quarks - this is most likely NOT a cisco issue, but a Sonicwall issue and sonicwall doesn't make things very easy to troubleshoot/fix....

Thanks,

Sean Brown (sean@sleepyshark.com)

voice: 212.760.1700 x7001

Wanna learn more about me? Check out my bio

Follow me on LinkedIn