I would say so. So far, all the labs I have done with Cisco devices required me to do it with UDP. If you have a Windows VM somewhere initiating the traffic, you'll be required to think about opening the ICMP one.
That's my understanding of the lab

On Wed, Jan 19, 2011 at 4:39 PM, Johan Bornman <[email protected]> wrote:

> Traceroute from any cisco device will always then be the UDP type, for lab
> purposes?
>
> *From:* Bruno [mailto:[email protected]]
> *Sent:* 19 January 2011 08:34 PM
> *To:* Johan Bornman
> *Cc:* OSL Security
> *Subject:* Re: [OSL | CCIE_Security] Object-Groups
>
> We have two types of traceroute. The one performed using ICMP and the one
> with UDP
>
> Windows is the guy who uses the ICMP messages for traceroute while UNIX in
> general does it by UDP
>
> The solution which covers unreachable and time-exceed is for UDP type.
>
> Who starts the traceroute, does it on the UDP range from 33434-33464. The
> response comes in format of unreachable / time-exceed
>
> On Wed, Jan 19, 2011 at 2:43 PM, Johan Bornman <[email protected]> wrote:
>
> Hi,
>
> The task asks to allow traceroute. It's done in an object-group. The
> solution from the DSG:
>
> object-group icmp-type TRACEROUTE
> icmp-object unreachable
> icmp-object time-exceeded
>
> The solution above works great, however when doing a ? I have the following
> options:
>
> ASA/ASA1a(config-icmp)# icmp-object ?
> <0-255> Enter ICMP type number (0 - 255)
> alternate-address
> conversion-error
> echo
> echo-reply
> information-reply
> information-request
> mask-reply
> mask-request
> mobile-redirect
> parameter-problem
> redirect
> router-advertisement
> router-solicitation
> source-quench
> time-exceeded
> timestamp-reply
> timestamp-request
> traceroute
> unreachable
>
> My question is about the traceroute option, will it have the same result
> if used or does it have another purpose?
>
> Thanks
>
> Johan
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
>

--
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
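Added example, not part of the original thread or of the DSG solution: a small checker that resolves the `icmp-object` keywords of an ASA `object-group icmp-type` to their IANA type numbers and reports which return messages each traceroute flavour discussed above would still be missing. The group `TRACEROUTE_KEYWORD` and the function names are hypothetical; the `traceroute` keyword resolves to ICMP type 30, which is neither of the reply types a UDP or ICMP traceroute relies on.

```python
# Constructed sample: the first group is the DSG solution quoted in the thread,
# the second (hypothetical) group uses only the `traceroute` keyword.
SAMPLE = """\
object-group icmp-type TRACEROUTE
 icmp-object unreachable
 icmp-object time-exceeded
object-group icmp-type TRACEROUTE_KEYWORD
 icmp-object traceroute
"""

# IANA ICMP type numbers for the keywords offered by `icmp-object ?`.
ICMP_TYPES = {
    "echo-reply": 0, "unreachable": 3, "source-quench": 4, "redirect": 5,
    "alternate-address": 6, "echo": 8, "router-advertisement": 9,
    "router-solicitation": 10, "time-exceeded": 11, "parameter-problem": 12,
    "timestamp-request": 13, "timestamp-reply": 14, "information-request": 15,
    "information-reply": 16, "mask-request": 17, "mask-reply": 18,
    "traceroute": 30, "conversion-error": 31, "mobile-redirect": 32,
}

# ICMP types that must reach the host running the trace. Every intermediate
# hop answers with time-exceeded; the final hop answers a UDP probe with
# (port) unreachable and an ICMP echo probe with echo-reply.
RETURN_TYPES = {"udp": {11, 3}, "icmp": {11, 0}}


def parse_icmp_groups(config):
    """Return {group name: set of ICMP type numbers} from ASA config text."""
    groups, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 3 and words[:2] == ["object-group", "icmp-type"]:
            current = groups.setdefault(words[2], set())
        elif len(words) == 2 and words[0] == "icmp-object" and current is not None:
            value = words[1]
            current.add(int(value) if value.isdigit() else ICMP_TYPES[value])
        elif words and not line[0].isspace():
            current = None  # an unindented command ends the group
    return groups


def missing_return_types(group_types):
    """Per traceroute flavour, the return ICMP types the group does not match."""
    return {flavour: need - group_types for flavour, need in RETURN_TYPES.items()}


if __name__ == "__main__":
    for name, types in parse_icmp_groups(SAMPLE).items():
        print(name, sorted(types), missing_return_types(types))
```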
