[66045] in North American Network Operators' Group
Re: Trace and Ping with Record Option on Cisco Routers
daemon@ATHENA.MIT.EDU (Crist Clark)
Mon Dec 22 18:18:44 2003
Date: Mon, 22 Dec 2003 15:18:01 -0800
From: Crist Clark <crist.clark@globalstar.com>
To: Danny.Andaluz@triaton-na.com
Cc: nanog@merit.edu
Reply-To: crist.clark@globalstar.com
Errors-To: owner-nanog-outgoing@merit.edu
> Danny.Andaluz@triaton-na.com wrote:
>
> Hey, Group.
>
> In my production network, I'm trying to do some extended traces and pings with the record option turned on to see what route my packets take going and returning. It's not working. If I do the extended traceroute or ping without the record option, it works fine. There is a firewall (PIX) a few hops in front of the destination I'm trying to record the route for. What part of ICMP is this that needs to be opened on the firewall to allow this to come back? First time I'm coming across this.

It's not ICMP. It's the IP Options. Most firewalls will drop any
packet with IP Options. Many firewalls will not let you turn this off.
I do not know how to allow IP Options through a PIX, but I know how to
do it in Cisco IOS.
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
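
The point made in the reply above, as an added example that is not part of the original post: the record option puts an IPv4 Record Route option (type 7) in the IP header, so the ICMP echo request itself is unchanged and only the header length differs. The packets are constructed samples, and `dropped_by_options_filter` is a hypothetical model of the "drop any packet with IP Options" behaviour, not PIX code.

```python
import struct

# IPv4 option type octets from RFC 791.
OPT_NAMES = {7: "Record Route", 68: "Timestamp",
             131: "Loose Source Route", 137: "Strict Source Route"}

def header_len(packet: bytes) -> int:
    """Validate the IPv4 version/IHL octet and return the header length in bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    hlen = (packet[0] & 0x0F) * 4              # IHL counts 32-bit words
    if hlen < 20 or hlen > len(packet):
        raise ValueError("bad IHL")
    return hlen

def ip_options(packet: bytes):
    """Return [(type, name, data)] for the options between byte 20 and the IHL boundary."""
    hlen, i, found = header_len(packet), 20, []
    while i < hlen and packet[i] != 0:         # type 0 = End of Option List
        if packet[i] == 1:                     # type 1 = NOP, a single octet
            i += 1
            continue
        if i + 1 >= hlen or packet[i + 1] < 2 or i + packet[i + 1] > hlen:
            raise ValueError("malformed option")
        t, length = packet[i], packet[i + 1]
        found.append((t, OPT_NAMES.get(t, "unknown"), packet[i + 2:i + length]))
        i += length
    return found

def icmp_type(packet: bytes) -> int:
    """ICMP type octet; it sits right after the IP header, wherever that ends."""
    if packet[9] != 1:
        raise ValueError("not ICMP")
    return packet[header_len(packet)]

def dropped_by_options_filter(packet: bytes) -> bool:
    """Model of the behaviour described in the post: any IP option means drop."""
    return header_len(packet) > 20

def build_echo(record_route: bool) -> bytes:
    """Constructed sample echo request (documentation addresses, checksums left 0)."""
    # Record Route: type 7, length 39, pointer 4, nine empty 4-byte slots, EOL pad.
    opts = bytes([7, 39, 4]) + bytes(36) + b"\x00" if record_route else b""
    ihl = 5 + len(opts) // 4
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # type 8 = echo request
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(icmp),
                      0, 0, 64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + opts + icmp
```

Both sample packets carry the same ICMP type, so a rule that permits echo and echo-reply does not change the outcome for the one with the option.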