We have two types of traceroute. The one performed using ICMP and the one with UDP Windows is the guy who uses the ICMP messages for traceroute while UNIX in general does it by UDP
The solution which covers unreachable and time-exceed is for UDP type. Who starts the traceroute, does it on the UDP range from 33434-33464. The response comes in format of unreachable / time-exceed On Wed, Jan 19, 2011 at 2:43 PM, Johan Bornman <[email protected]> wrote: > Hi, > > > > The task asks to allow traceroute. It’s done in an object-group. The > solution from the DSG: > > object-group icmp-type TRACEROUTE > > icmp-object unreachable > > icmp-object time-exceeded > > > > The solution above works great, however when doing a ? I have the following > options: > > ASA/ASA1a(config-icmp)# icmp-object ? > > <0-255> Enter ICMP type number (0 - 255) > > alternate-address > > conversion-error > > echo > > echo-reply > > information-reply > > information-request > > mask-reply > > mask-request > > mobile-redirect > > parameter-problem > > redirect > > router-advertisement > > router-solicitation > > source-quench > > time-exceeded > > timestamp-reply > > timestamp-request > > traceroute > > unreachable > > > > My question is about the traceroute option, will it have the same result > if used or does it have another purpose? > > > > Thanks > > > > Johan > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
