[c-nsp] PIX and FWSM not decreasing TTL (was RE: Weirdtraceroutes through Firewall Services Module (FWSM))
Sam Stickland
sam_mailinglists at spacething.org
Mon May 22 05:23:06 EDT 2006
Hi,
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Christian Zeng
> Sent: 20 May 2006 09:54
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] PIX and FWSM not decreasing TTL (was RE:
> Weirdtraceroutes through Firewall Services Module (FWSM))
>
> Hi,
>
> * Sam Stickland <sam_mailinglists at spacething.org> wrote:
> >A PIX or FWSM does not decrease the TTL of traffic passing through it,
> even
> >though it is a Layer3 device. Therefore, they NEVER show up in
> traceroutes.
>
> >I need these devices to show up in traceroutes. Is this configuration
> >possible? Google turns up surprisingly little on this.
>
> Recently we discussed this behavior with the TAC. The TAC stated that this
> is
> intended and they do not want to implement TTL decreasing in the (near)
> future.
Can anyone confirm whether PIX 7/FWSM 3 shows up in traceroutes when "no
nat-control" is enabled?
Sam
More information about the cisco-nsp
mailing list