Cisco PIX firewall -- how can I get traceroute to function?

I have  PIX with three interfaces.  The outside interface is connected to a cable modem, the dmz interface is connected to network and the inside interface is connected to network  My security policy is simple, unrestricted outbound access from both dmz and inside.  No access from outside to inside. Limited access from outside to dmz (only dns and http).  It's all working pretty good except I am unable to successfully initiate traceroute from a host on either the inside or dmz networks to a host on the Internet.  It seems I need to permit something inbound that I am not currently permitting.  Do I need to modify an ACL in some fashion?
kyleb84 Commented:

Please close this question properly by choosing Yes to the "Is this what you were looking for?" and grading my answer.

ICMP needs to be enabled inbound.
Specifically ICMP Type 8 (echo-request) and 11 (time-exceeded)

Cisco guide on enabling pings:

w6hr (Author) Commented:
Great, that works!!  Thanks
Question has a verified solution.
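
An added example, not part of the thread: a PIX configuration sketch that lets the ICMP responses to outbound traceroute and ping back in through the outside interface, listing individual ICMP types instead of permitting all ICMP. The ACL name `acl_outside` is an assumption; add the entries to whichever ACL is already bound to the outside interface so the existing dns and http rules stay in place.

```cisco
! Assumed ACL name: acl_outside (use the ACL already applied to "outside").
! Intermediate routers answer each traceroute probe with time-exceeded (type 11).
access-list acl_outside permit icmp any any time-exceeded
! The final hop answers a UDP-based traceroute with unreachable (type 3).
access-list acl_outside permit icmp any any unreachable
! The final hop answers an ICMP-based tracert or ping with echo-reply (type 0).
access-list acl_outside permit icmp any any echo-reply
! Bind the ACL to inbound traffic on the outside interface (skip if already bound).
access-group acl_outside in interface outside
! Avoid the broad form "permit icmp any any": it admits every ICMP type from the Internet.
```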
