Question : Problem: Problem with no hop info during traceroute. Blocked, permitted?

Hi,

Pretty simple, but I'm pretty newb...  From this edge router (meaning logged into the router and performing the trace) I want to do a traceroute to a vendor.  Pings work fine, after I added ICMP permits. The trace will complete but I get the "*   *   *" timeout for all the hops.

Am I missing something and blocking myself? The code is the sanitized config off the edge router I'm using (Cisco 2621).
Code Snippet:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LG
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$QwJ5$NX6w3bX9xrCqSdAtfhGwG0
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 204.117.214.10
!
!
!
!
class-map match-any APP
  match access-group 110
!
!
policy-map QoS
  class APP
   priority percent 35
  class class-default
   fair-queue
!
!
!
interface FastEthernet0/0
 ip address xxx.xxx.12.226 255.255.255.224
 ip nbar protocol-discovery
 speed auto
 full-duplex
!
interface Serial0/0
 description T1 Line
 ip address xxx.xxx.111.10 255.255.255.252
 ip access-group internet-in in
 ip access-group internet-out out
 no ip proxy-arp
 service-policy output QoS
!
interface FastEthernet0/1
 ip address 192.168.8.1 255.255.255.0
 shutdown
 duplex auto
 speed auto
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
!
ip access-list extended internet-in
 deny   ip 0.0.0.0 0.255.255.255 any log-input
 deny   ip 10.0.0.0 0.255.255.255 any log-input
 deny   ip 127.0.0.0 0.255.255.255 any log-input
 deny   ip 169.254.0.0 0.0.255.255 any log-input
 deny   ip 172.0.0.0 0.31.255.255 any log-input
 deny   ip 192.0.2.0 0.0.0.255 any log-input
 deny   ip 192.168.0.0 0.0.255.255 any log-input
 deny   ip 194.87.6.0 0.0.0.255 any
 deny   ip 209.1.230.0 0.0.0.255 any
 deny   ip 224.0.0.0 31.255.255.255 any log-input
 deny   ip 240.0.0.0 7.255.255.255 any log-input
 deny   ip 248.0.0.0 7.255.255.255 any log-input
 deny   ip host 255.255.255.255 any log-input
 deny   udp 194.87.6.0 0.0.0.255 any
 permit udp any eq domain any gt 1023
 permit tcp any 206.105.12.224 0.0.0.31 gt 1023 established
 permit icmp any any echo log-input
 permit icmp any any echo-reply log-input
ip access-list extended internet-out
 permit ip xxx.xxx.12.224 0.0.0.31 any
 permit icmp any any echo log-input
logging xxx.xxx.12.230
access-list 1 permit xxx.xxx.12.224 0.0.0.31
access-list 110 permit tcp any host 209.34.xxx.xxx eq 443
snmp-server community dooroo RO
!
line con 0
 password 7 051F031D254540080D0A05
 login
line aux 0
 password 7 1311125456050A2B3F2B3A
 login
line vty 0 4
 password 7 1311125456050A2B3F2B3A
 login
!
!
end

Answer : Problem: Problem with no hop info during traceroute. Blocked, permitted?

In order to receive traceroute messages, you need to allow icmp ttl-exceeded messages.

permit icmp any any ttl-exceeded
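
Why the hops show as timeouts, as an added example that is not part of the original answer: a small first-match evaluator run over a constructed excerpt of the posted internet-in ACL, showing that an inbound ICMP time-exceeded reply falls through to the implicit deny until the suggested line is appended. The function names and the transit-router address 198.51.100.1 are assumptions made for the illustration.

```python
import ipaddress

# IOS ICMP message keywords that appear on this page, as (type, code).
# A code of None means "any code".
ICMP_KEYWORDS = {
    "echo": (8, None),
    "echo-reply": (0, None),
    "ttl-exceeded": (11, 0),
}

# Constructed excerpt of the page's internet-in ACL: the ICMP entries plus two
# of the source-address denies. The TCP/UDP entries are omitted because they
# can never match an ICMP packet.
INTERNET_IN = """\
deny   ip 10.0.0.0 0.255.255.255 any log-input
deny   ip 192.168.0.0 0.0.255.255 any log-input
permit icmp any any echo log-input
permit icmp any any echo-reply log-input
"""

# The same ACL with the line from the answer appended.
FIXED = INTERNET_IN + "permit icmp any any ttl-exceeded\n"

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def evaluate(acl_text, src, icmp_type, icmp_code):
    """Return (action, matching line) for an inbound ICMP packet; first match wins."""
    for line in acl_text.splitlines():
        tok = [t for t in line.split() if t != "log-input"]
        if not tok:
            continue
        action, proto = tok[0], tok[1]
        if proto == "ip":        # <action> ip <base> <wildcard> any
            if wildcard_match(src, tok[2], tok[3]):
                return action, line.strip()
        elif proto == "icmp":    # <action> icmp any any <keyword>
            want_type, want_code = ICMP_KEYWORDS[tok[4]]
            if icmp_type == want_type and want_code in (None, icmp_code):
                return action, line.strip()
    return "deny", "(implicit deny at end of ACL)"

if __name__ == "__main__":
    hop = "198.51.100.1"  # constructed address standing in for a transit router
    for name, acl in (("original", INTERNET_IN), ("with fix", FIXED)):
        for label, t, c in (("time exceeded", 11, 0), ("port unreachable", 3, 3)):
            print(f"{name:9} {label:17}", evaluate(acl, hop, t, c))
```

The run also shows that ICMP port unreachable (type 3, code 3), which the final destination of a UDP-based traceroute returns, still reaches the implicit deny after the added line, and that a reply carrying an RFC 1918 source address is dropped by the earlier deny entries either way.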


