enable traceroute from inside thru pix

massoo
Topic Author
New Member

19 years 11 months ago #13294 by massoo

enable traceroute from inside thru pix was created by massoo

hi,

how to enable traceroute from any system inside ie, ALL my LAN to any host outside through pix 515e.

thanks
shann

d_jabsd
Offline
Senior Member

19 years 11 months ago #13295 by d_jabsd

Replied by d_jabsd on topic Re: enable traceroute from inside thru pix

normally, anything leaving a pix can get back in, but for Ping/Trace responses add the following -adapt for your setup.

access-list OUTSIDE_INBOUND_ACL line 1 remark Permit ICMP Responses
access-list OUTSIDE_INBOUND_ACL line 2 permit icmp any interface outside unreachable
access-list OUTSIDE_INBOUND_ACL line 3 permit icmp any interface outside time-exceeded
access-list OUTSIDE_INBOUND_ACL line 4 permit icmp any interface outside echo-reply

don't forget to apply the acl to the outside interface if you don't already have an outside acl.

Time to create page: 0.089 seconds

Free Download

Get 2 VMs for FREE!

Download Now!

Get 2 VMs for FREE!

Free Download!

Manage your Network!

enable traceroute from inside thru pix