Solved

Tracert output

Posted on 2011-03-24
Last Modified: 2012-05-11
I'm in the process of migrating from an old PIX 6.3(3) to a Forefront 2010 server. During this process I'll have both systems running side by side for a while.
I want to verify that I've successfully changed the gateway for a subset of my systems. The PIX doesn't show up as a hop in tracert:

tracert 4.2.2.2
Tracing route to vnsc-bak.sys.gtei.net [4.2.2.2]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  192.168.20.1
(PIX should be here, 192.168.250.1)
  2     1 ms    <1 ms    <1 ms  65.X.X.105 - the IP of our ISP's gateway

How can I easily distinguish the route for this point using tracert? I'm hoping to either get the PIX to be included in the output or a sample of what to look for for traffic successfully routed to Forefront.
Question by:timbrigham
5 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 500 total points
ID: 35209611
You are going to want this doc:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

Near the bottom it shows the commands to enable the PIX to 'show up' in a tracert. However, you'll need to upgrade to a new OS for that. If that is doable, then this should be the solution.

Otherwise, I don't think it will be supported in the PIX.

What kind of device is at 192.168.20.1? Is it Cisco? If so, you can do something like a 'show exact route' to help trace the path.
 
LVL 2

Expert Comment

by:ivarson408
ID: 35209617
192.168.20.1 appears to be a router or gateway? This is routing it to the next spot so you should check the routing config on that device.
 
LVL 1

Author Comment

by:timbrigham
ID: 35210079
Thanks gentlemen.

192.168.20.1 is an aging Cisco 2811. The PIX is long out of coverage so upgrading isn't an option.
It looks like "sho ip cef exact-route 192.168.20.254 4.2.2.2" should do what I need.

I'm using a route-map applied to a couple interfaces to collect the subset of computers I want to test with. Can I expect the output of this command will accurately reflect the route map?
 
LVL 33

Expert Comment

by:MikeKane
ID: 35210314
I would 'assume' yes. I've never seen the 'show exact route' give an incorrect path that differed from the config.
 
LVL 1

Author Closing Comment

by:timbrigham
ID: 35210327
Many thanks.
