Trace and Ping with Record Option on Cisco Routers

Danny.Andaluz at triaton-na.com Danny.Andaluz at triaton-na.com
Tue Dec 23 14:30:31 UTC 2003


That's exactly it, Crist.  I did a little research and found that the PIX drops
any packets with IP Options turned on.  Currently there is no workaround.
This is IP Option 7 to be exact.

Thanks,
Danny

-----Original Message-----
From: Crist Clark [mailto:crist.clark at globalstar.com] 
Sent: Monday, December 22, 2003 6:18 PM
To: Andaluz, Danilo, Triaton/NA
Cc: nanog at merit.edu
Subject: Re: Trace and Ping with Record Option on Cisco Routers


> Danny.Andaluz at triaton-na.com wrote:
> 
> Hey, Group.
> 
> In my production network, I'm trying to do some extended traces and 
> pings with the record option turned on to see what route my packets 
> take going and returning.  It's not working.  If I do the extended 
> traceroute or ping without the record option, it works fine.  There is 
> a firewall (PIX) a few hops in front of the destination I'm trying to 
> record the route for.  What part of ICMP is this that needs to be 
> opened on the firewall to allow this to come back?  First time I'm 
> coming across this.

It's not ICMP. It's the IP Options. Most firewalls will drop any packet with
IP Options. Many firewalls will not let you turn this off. I do not know
how to allow IP Options through a PIX, but I know how to do it in Cisco IOS.
-- 
Crist J. Clark                               crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387
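
The check discussed in this thread, as an added example that is not part of the original messages: a Python sketch that walks the IPv4 header options, recognises option 7 (Record Route) and applies a drop-if-any-options policy. The function names, sample addresses and the RR_OPTION bytes are constructed for illustration and are not PIX or IOS code.

```python
import struct

NAMES = {0: "End of Option List", 1: "No Operation", 7: "Record Route"}  # RFC 791

def parse_ip_options(packet: bytes):
    """Return [(type, name, data)] for every option in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = packet[0] & 0x0F              # header length in 32-bit words
    if ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("bad header length")
    raw, opts, i = packet[20:ihl * 4], [], 0
    while i < len(raw):
        otype = raw[i]
        if otype in (0, 1):             # single-byte options, no length field
            opts.append((otype, NAMES[otype], b""))
            if otype == 0:              # End of Option List: the rest is padding
                break
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        olen = raw[i + 1]
        opts.append((otype, NAMES.get(otype, "other"), raw[i + 2:i + olen]))
        i += olen
    return opts

def recorded_route(data: bytes):
    """Decode the addresses already written into a Record Route option."""
    ptr = data[0] if data else 0        # 1-based offset of the next free slot
    if ptr < 4 or (ptr - 4) % 4 or ptr - 3 > len(data):
        raise ValueError("bad Record Route pointer")
    used = data[1:ptr - 3]
    return [".".join(map(str, used[j:j + 4])) for j in range(0, len(used), 4)]

def firewall_verdict(packet: bytes) -> str:
    """Policy described in the thread: drop any packet that carries IP options."""
    try:
        return "drop" if parse_ip_options(packet) else "pass"
    except ValueError:
        return "drop"

def sample_header(options: bytes = b"") -> bytes:
    """Constructed IPv4 header (192.0.2.1 -> 198.51.100.7, ICMP, checksum zeroed)."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options
# Constructed option 7: length 15 (three slots), pointer 8 (one hop recorded), EOL pad
RR_OPTION = bytes([7, 15, 8, 10, 0, 0, 1]) + bytes(8) + b"\x00"
```

A plain ping header (IHL 5) passes, while the same header with the Record Route option attached (IHL 9) is dropped, which matches the behaviour reported above.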