Re: Allowing TraceRoute through an access-list

From: mani poopal (mani_ccie@yahoo.com)
Date: Wed Apr 06 2005 - 11:08:48 GMT-3


Hi Lee,
 
It is port unreachable and time-exceeded (not ttl-exceeded)
 
permit icmp any any time-exceeded
permit icmp any any port-unreachable
 
Mani

Lee Donald <Lee.Donald@t-systems.co.uk> wrote:
I know this is a rather easy thing but I'm having a mental block with
TraceRoute.

I thought you just allow port-unreachable and ttl-exceeded for Cisco trace?
But it's not working, I've tried some of the others but no go.

Exactly which icmp type is it?

My access-list

Any help greatly appreciated.

Extended IP access list INBOUND
    10 permit icmp any any ttl-exceeded
    20 permit icmp any any port-unreachable
    30 permit icmp any any net-unreachable
    40 permit icmp any any time-exceeded

Extended IP access list OUTBOUND
    10 permit icmp any any ttl-exceeded
    20 permit icmp any any port-unreachable
    30 permit icmp any any net-unreachable
    40 permit icmp any any time-exceeded

Regards

Lee Donald.
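
Added example (not part of either message): a small first-match evaluator that runs the access-list entries quoted above against the three packets a UDP-based traceroute depends on, namely the outgoing probe, the ICMP time exceeded reply (type 11, code 0) from each hop, and the ICMP port unreachable reply (type 3, code 3) from the destination. The packet samples, the helper names and the UDP port range are assumptions made for illustration.

```python
# Added example: first-match evaluation of Cisco-style extended ACL entries.

# ICMP keyword -> (type, code); None means any code of that type.
ICMP_KEYWORDS = {
    "time-exceeded": (11, None),
    "ttl-exceeded": (11, 0),
    "net-unreachable": (3, 0),
    "port-unreachable": (3, 3),
}

# Constructed sample packets. 33434 is the customary first probe port.
PROBE = {"proto": "udp", "dport": 33434}
HOP_REPLY = {"proto": "icmp", "type": 11, "code": 0}   # sent by each transit hop
FINAL_REPLY = {"proto": "icmp", "type": 3, "code": 3}  # sent by the destination

# Entries from the thread, plus a constructed variant with an assumed probe port range.
LISTED = [
    "permit icmp any any ttl-exceeded",
    "permit icmp any any port-unreachable",
    "permit icmp any any net-unreachable",
    "permit icmp any any time-exceeded",
]
WITH_PROBES = LISTED + ["permit udp any any range 33434 33534"]

def entry_matches(entry, pkt):
    """Match one 'permit|deny <proto> any any [qualifier]' entry against pkt."""
    _action, proto, src, dst, *rest = entry.split()
    if (src, dst) != ("any", "any"):
        raise ValueError("only 'any any' entries are handled here")
    if proto not in ("ip", pkt["proto"]):
        return False
    if not rest:
        return True
    if proto == "icmp":
        want_type, want_code = ICMP_KEYWORDS[rest[0]]
        return pkt["type"] == want_type and want_code in (None, pkt["code"])
    if proto == "udp" and rest[0] == "range":
        return int(rest[1]) <= pkt["dport"] <= int(rest[2])
    raise ValueError(f"unsupported qualifier: {' '.join(rest)}")

def evaluate(acl, pkt):
    """First match wins; an extended ACL ends with an implicit deny."""
    for entry in acl:
        if entry_matches(entry, pkt):
            return entry.split()[0]
    return "deny"

if __name__ == "__main__":
    for name, pkt in [("probe", PROBE), ("hop reply", HOP_REPLY), ("final reply", FINAL_REPLY)]:
        print(name, evaluate(LISTED, pkt), evaluate(WITH_PROBES, pkt))
```

A list that carries only ICMP permits passes both reply types but drops the UDP probes at the implicit deny whenever they have to cross it, so both directions of the path need checking.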



This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:53 GMT-3