Traceroute and Pix 515 v6.3 1

[crocodanser]

Hi,

i have a problem with my Pix 515 v 6.3(3). I would like make a traceroute from a inside host toward a outside host.

I tried with this :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800e9312.shtml

but the traceroute can't cross the pix... when traceroute arrive on the Pix, it is in unreachable.

How can i do that?
Could you give me an exemple? What is the rules apply?

thx a lot,
Olivier

 

[Supergrrover]

Forget all that and do

fixup protocol icmp error

That will do the trick as long as you don't block anything with an inside ACL.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[crocodanser]

Thank you for your help.

my config :

access-list INSIDE line 10 permit icmp host myhost any
fixup icmp error


I can cross my pix with traceroute but i can't view hop. Each hop is unreachable... How can i change that??

Thx a lot!
Olivier

 

[Supergrrover]

That depends on what the routers are configured to do between you and the destination. Sometimes I get nothing, sometimes detailed info.

glad it helped

Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[crocodanser]

Hi,

I think this problem come from pix. because if i do a traceroute, Pix is unreachable too... how can i do for that?

1 <1 ms <1 ms <1 ms 192.168.0.254
2 * * * <--- This is the PIX
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 51 ms 65 ms 31 ms 216.239.59.104

This is an exemple with google

Best regards,
Olivier