About jlangford

jlangford · 10-02-2005

We upgraded our PIXs to 7.0(2) and now cannot see intermediate hops with a traceroute to outside. As a work around I enabled inpect icmp error. This resolved the traceroute but stopped PMTU working (we need PMTU for sessions going via a VPN) so I had...

jlangford · 10-12-2005

Look at the configuration for a username xxx privilege 15 line and change the privilege level.

jlangford · 10-03-2005

I have a workaround by excluding the VPN router to Host IP addresses in the NAT list.This does not appera correct that I have to do this?

jlangford · 10-03-2005

I have captured the icmp debugs which show a difference in the way the ICMP unreachables are NAT'd with the inspect icmp error enabled:Note: I have changed the IP addressesinspect error icmp error enabled:Pix inside:10.90.200.7 > 10.90.100.97: icmp: ...

jlangford · 10-03-2005

The VPN is not terminated on the PIX but via a seperate VPN device (Cisco VPN router).I did not remove the access list. I left booth the inpect icmp error and access lists in place and the PMTU stopped working.

jlangford · 09-09-2004

I used this information to get SDM working in my network (when TAC was no help at all).There was one additional command that I needed to add on the router (and switches for http authentication).aaa authorization exec default group tacacs+

Member Since	‎07-13-2003 05:14 PM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	8

User Statistics

User Activity

Pix 7.0 and traceroute failing intermediate hops

Re: When I log onto my 2811 router (IOS Ver 12.3(8)T8 it dumps m

Re: Pix 7.0 and traceroute failing intermediate hops

Re: Pix 7.0 and traceroute failing intermediate hops

Re: Pix 7.0 and traceroute failing intermediate hops

Re: CMS & ACS 3.0 please help