Wow ... spot on ... I also found out that the traceroute also fails from Unix boxes too !!! sounds like your theory is spot on !!!! We have 3 exit points .. 2 Pix Firewalls and a Novell BorderManager ... Tomorrow I will explicitly allow all traffic in and out from a Unix box and a Router through a Pix to test your theory !!! but it sounds good to me ... I know that ICMP is allowed ... and from what I can remember .... I think UDP may be getting filtered !!!!
Nice one Daniel .... Regards Paul ... ----- Original Message ----- From: "Daniel Cotts" To: "'Paul'" ; Sent: Wednesday, July 03, 2002 8:42 PM Subject: RE: Specify DNS on a Router ... [7:48009] > If the issue is true for all routers and switches then extended trace isn't > the solution. I believe that Microsoft implements tracert differently from > the standard which Cisco uses. Next guess is that you have a firewall that > is blocking the traffic. Here's some snips from old GroupStudy posts: > > "Unix and Cisco send UDP packets, but > Microsoft actually sends 3 ICMP echo requests. Using traceroute on > different platforms may yield different results. Especially when you have > firewall rulesets involved." > > "Here's a description of how it works in Unix. > > Traceroute sends out a UDP packet addressed to the target machine, port > 33434, with a "TTL" field set to 1. The first hop accepts the packet, > decrements the "TTL" field (as required by the IP spec), and sees that > the resulting TTL is 0. It then sends an ICMP Time Exceeded message to > the original host. > > This is repeated twice, and the host records the elapsed time between > sending the packet and receiving the "Time Exceeded" packet. It reports > this for each of the three packets. > > Then, the host increments the port number (33434 + 1 = 33435) and the > TTL field (1 + 1 = 2), and sends another packet to the same target > machine. This time, the packet will get to the second hop before the > TTL field becomes a 0. So now the second hop will send ICMP Time > Exceeded messages to the host. > > This is repeated over and over until an ICMP Port Unreachable message is > received. This is how the host knows it's reached the destination. > This is also why it uses UDP port 33434 and up, because it's pretty safe > to assume that no service will be running on any of those ports." > > > > > -----Original Message----- > > From: Paul [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, July 03, 2002 2:00 PM > > To: Daniel Cotts > > Subject: Re: Specify DNS on a Router ... [7:48009] > > > > > > Cheers Daniel ... > > > > I was using 'traceroute aaa.bbb.ccc.ddd' > > > > Does traceroute perform differently to trace ???? > > > > I am experiencing this problem from all routers and switches > > !!! but all > > workstations and servers perform a tracert without any problems !!! > > > > I will try the extended trace tomorrow in work ... > > > > Thanks again ... > > > > Paul ... > > ----- Original Message ----- > > From: "Daniel Cotts" > > To: > > Sent: Wednesday, July 03, 2002 6:11 PM > > Subject: RE: Specify DNS on a Router ... [7:48009] > > > > > > > I'm assuming that your trace problem is from your router. > > > Standard trace would be: > > > router#trace aaa.bbb.ccc.ddd > > > > > > Just in case it's choking on your external ip address -- > > > Try an extended trace: > > > > > > router#trace > > > Protocol [ip]: > > > Target IP address: aaa.bbb.ccc.ddd > > > Source address: xxx.yyy.zzz.111 (one of your internal interfaces) > > > Numeric display [n]: > > > Timeout in seconds [3]: > > > Probe count [3]: > > > Minimum Time to Live [1]: > > > Maximum Time to Live [30]: > > > Port Number [33434]: > > > Loose, Strict, Record, Timestamp, Verbose[none]: > > > Type escape sequence to abort. > > > Tracing the route to aaa.bbb.ccc.ddd > > > > > > > -----Original Message----- > > > > From: Paul [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, July 03, 2002 10:46 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: Specify DNS on a Router ... [7:48009] > > > > > > > > > > > > Doh !!!! Cheers Tim ... > > > > > > > > The underlying problem that I have is that within my LAN > > > > at work .. I > > > > can ping externally using DNS and IP fine .. However, If I > > > > try to traceroute it does not work !!! All I get is the > > > > timeout asterisks .... but I can successfully traceroute from > > > > workstations, > > > > servers and even Novell boxes !!!! > > > > > > > > Do anyone have any ideas ??? > > > > > > > > Regards .. > > > > > > > > Paul .. > > > > ----- Original Message ----- > > > > From: "Bob Timmons" > > > > To: > > > > Sent: Wednesday, July 03, 2002 4:22 PM > > > > Subject: Re: Specify DNS on a Router ... [7:48009] > > > > > > > > > > > > > ip name-server x.x.x.x > > > > > > > > > > > Hi all ... > > > > > > > > > > > > Quick easy question to you all ... can and how do you > > > > specify what > > > > DNS > > > > > > server to use on a router ??? > > > > > > > > > > > > Regards > > > > > > > > > > > > Paul ... > > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48053&t=48009 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
