Am I right to think that a customer firewall is stopping my trace?

Discussion in 'Cisco' started by maxxot2005, May 6, 2005.

  1. maxxot2005

    maxxot2005 Guest

    My equipment is a Cisco 2610 IOS c2600-i-mz.122-10b.

    I configured the following static route:
    ip route 172.16.104.0 255.255.254.0 172.16.32.2

    Ethernet 0/0 address is 172.16.32.1/20

    I can ping the gateway 172.16.32.2 and the router is applying the
    static route:
    xxx#sh ip route 172.16.104.0
    Routing entry for 172.16.104.0/23
    Known via "static", distance 1, metric 0
    Redistributing via ospf 99
    Advertised by ospf 99 subnets route-map static_ospf_ge
    Routing Descriptor Blocks:
    * 172.16.32.2
    Route metric is 0, traffic share count is 1

    However a trace to the remote host 172.16.104.12 always fails:
    Tracing the route to 172.16.104.12

    1 * * *
    2 * * *

    No ACL seems to be blocking my trace on my router:
    xxx#sh ip access-lists
    Standard IP access list 25
    permit 192.168.0.0, wildcard bits 0.0.255.255
    permit 204.231.97.0, wildcard bits 0.0.0.255
    Standard IP access list static_to_ospf_ge
    permit 172.16.48.0, wildcard bits 0.0.1.255 (1 match) check=74
    permit 172.16.50.0, wildcard bits 0.0.1.255 (1 match) check=73
    permit 172.16.104.0, wildcard bits 0.0.1.255 (3 matches) check=70
    permit 172.16.88.0, wildcard bits 0.0.3.255 (10 matches) check=60
    Extended IP access list 101
    deny ospf any any
    permit ip any any (48 matches)

    I asked the customer to check whether this gateway 172.16.32.2, which
    should be a router, has implemented some ACLs that are stopping my trace,
    or whether there could be a firewall somewhere. Am I right, in your opinion?
    maxxot2005, May 6, 2005
    #1

  2. maxxot2005 wrote:
    :My equipment is a Cisco 2610 IOS c2600-i-mz.122-10b.

    :I can ping the gateway 172.16.32.2 and the router is applying the
    :static route:

    :However a trace to the remote host 172.16.104.12 always fails:

    :No ACL seems to be blocking my trace on my router:

    You might have to specifically enable processing of icmp time-exceeded
    messages on your router. No blocking ACL is necessary if your
    router is throwing away what it gets.

    You should be able to check this by using a packet debug, or putting
    an ACL with a 'log' statement on the return traffic.
    --
    History is a pile of debris -- Laurie Anderson
    Walter Roberson, May 6, 2005
    #2
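
The second check suggested in reply #2, an ACL with a 'log' statement on the return traffic, could look like this on the 2610. It is an added example, not part of the thread. ACL number 199 is an assumed unused number, and the example assumes Ethernet0/0 has no inbound access list already, since `ip access-group` would replace it.

```cisco
! Added example. ACL 199 is an assumed free number on this router.
! Confirm first with "show ip interface Ethernet0/0" that no inbound
! access list is already applied to the interface.
!
! Log the ICMP replies that an IOS traceroute depends on:
!   time-exceeded     sent by each intermediate hop
!   port-unreachable  sent by the final destination
access-list 199 permit icmp any any time-exceeded log
access-list 199 permit icmp any any port-unreachable log
! Control entry: the ping to 172.16.32.2 works, so this counter should
! increase and prove the ACL sits on the right interface.
access-list 199 permit icmp any any echo-reply log
! Let everything else through unchanged.
access-list 199 permit ip any any
!
interface Ethernet0/0
 ip access-group 199 in
!
! Repeat the ping and the trace, then from exec mode compare counters:
!   show access-lists 199
!   show logging
!
! Remove the test ACL afterwards:
!   interface Ethernet0/0
!    no ip access-group 199 in
!   no access-list 199
```

If `echo-reply` shows matches while `time-exceeded` and `port-unreachable` stay at zero, the replies are not arriving at Ethernet0/0 at all, which points at the gateway or something beyond it. If those entries do show matches and the trace still prints `* * *`, the replies are arriving and the router itself is discarding them.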