[afnog] problem tracing route to google.com
Hugo Lombard
hal at elizium.za.net
Thu Aug 11 07:20:46 UTC 2011
On Thu, Aug 11, 2011 at 08:52:30AM +0200, Liliane Uwarugira wrote:
> Hi Hugo, Scott and Serge,
>
> Thank you for the quick replies. Below is the access-list, and the trace route
> from my firewall does not reach Google.
>
> access-list inside_out extended permit icmp [my net range] any
>

Hi Liliane

Are you using a PIX/ASA for your firewall?  This document seems to
address your situation:

  ASA/PIX/FWSM: Handling ICMP Pings and Traceroute
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Specifically this bit:

  ciscoasa(config)#access-list outside-in-acl remark Allow ICMP Type 11 for Windows tracert
  ciscoasa(config)#access-list outside-in-acl extended permit icmp any any time-exceeded

  !--- The access-list is for the far end of the ICMP traffic (in this case
  !--- the outside interface) needs to be modified in order to allow ICMP type 11 replies
  !--- time-exceeded):

If I'm mistaken and it doesn't, please let me know.

Regards

--
Hugo Lombard
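
Added example, not part of the message above or of the Cisco note: the two quoted ACL lines extended into a complete return-path configuration with a verification step. The interface name "outside", the absence of NAT and the sample addresses are assumptions. It also covers the final-hop replies (type 0 for Windows tracert, type 3 for UDP-based traceroute), which goes beyond the type 11 case quoted.

```text
! Added example. Assumptions: the Internet-facing interface is named
! "outside", no NAT is involved, and the addresses are constructed samples.

! 1. Return path: permit only the ICMP messages that answer a trace.
!    time-exceeded (type 11): sent by each intermediate router
!    unreachable   (type 3) : final-hop answer to UDP-based traceroute
!    echo-reply    (type 0) : final-hop answer to Windows tracert
access-list outside-in-acl remark Replies to outbound tracert/traceroute
access-list outside-in-acl extended permit icmp any any time-exceeded
access-list outside-in-acl extended permit icmp any any unreachable
access-list outside-in-acl extended permit icmp any any echo-reply

! 2. The ACL has no effect until it is bound to an interface and direction.
access-group outside-in-acl in interface outside

! 3. Verify (privileged EXEC): hit counts should rise while a trace runs.
show access-list outside-in-acl

! 4. Simulate a type 11, code 0 reply arriving on the outside interface from
!    a transit router (198.51.100.1) for an inside host (192.0.2.10).
packet-tracer input outside icmp 198.51.100.1 11 0 192.0.2.10
```

The destination "any" can be narrowed to the inside address range so that these ICMP types are admitted only toward hosts that originate traces.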