North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: Trace and Ping with Record Option on Cisco Routers
- From: Danny.Andaluz
- Date: Tue Dec 23 09:30:10 2003
Title: RE: Trace and Ping with Record Option on Cisco Routers
That's exactly it, Crist. I did a little research and that the PIX drops any packets with IP Options turned on. Currently there is no workaround. This is IP Option 7 to be exact.
From: Crist Clark [mailto:[email protected]]
Sent: Monday, December 22, 2003 6:18 PM
To: Andaluz, Danilo, Triaton/NA
Cc: [email protected]
Subject: Re: Trace and Ping with Record Option on Cisco Routers
> [email protected] wrote:
> Hey, Group.
> In my production network, I'm trying to do some extended traces and
> pings with the record option turned on to see what route my packets
> take going and returning. It's not working. If I do the extended
> traceroute or ping without the record option, it works fine. There is
> a firewall (PIX) a few hops in front of the destination I'm trying to
> record the route for. What part of ICMP is this that needs to be
> opened on the firewall to allow this to come back? First time I'm
> coming across this.
It's not ICMP. It's the IP Options. Most firewalls will drop any packet with an IP Options. Many firewalls will not let you turn this off. I do not know how to allow IP Options through a PIX, but I know how to do it in Cisco IOS.
Crist J. Clark [email protected]
Globalstar Communications (408) 933-4387