Traceroute from any cisco device will always then be the UDP type, for lab purposes?
From: Bruno [mailto:[email protected]] Sent: 19 January 2011 08:34 PM To: Johan Bornman Cc: OSL Security Subject: Re: [OSL | CCIE_Security] Object-Groups We have two types of traceroute. The one performed using ICMP and the one with UDP Windows is the guy who uses the ICMP messages for traceroute while UNIX in general does it by UDP The solution which covers unreachable and time-exceed is for UDP type. Who starts the traceroute, does it on the UDP range from 33434-33464. The response comes in format of unreachable / time-exceed On Wed, Jan 19, 2011 at 2:43 PM, Johan Bornman <[email protected]> wrote: Hi, The task asks to allow traceroute. It’s done in an object-group. The solution from the DSG: object-group icmp-type TRACEROUTE icmp-object unreachable icmp-object time-exceeded The solution above works great, however when doing a ? I have the following options: ASA/ASA1a(config-icmp)# icmp-object ? <0-255> Enter ICMP type number (0 - 255) alternate-address conversion-error echo echo-reply information-reply information-request mask-reply mask-request mobile-redirect parameter-problem redirect router-advertisement router-solicitation source-quench time-exceeded timestamp-reply timestamp-request traceroute unreachable My question is about the traceroute option, will it have the same result if used or does it have another purpose? Thanks Johan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
