[j-nsp] Traceroute not working as expected
Dan White
dwhite at olp.net
Mon Dec 18 15:51:00 EST 2017
(Cisco list removed)
On 12/18/17 21:21 +0100, james list wrote:
>In the same broadcast domain (10.1.0.0/24) I have four devices:
>
>1) carrier router .1
>2) firewallA .2
>3) firewallB .3
>4) firewallC .4
>
>Carrier router has a default route to .2 (firewall A).
>
>2-3-4) has gateway to .1
>
>If I made traceroute to a wan location 10.2.0.1 from 3) I get:
>10.1.0.1
>then wan mpls
>
>If I made traceroute to a wan location 10.2.0.1 from 4) I get:
>10.1.0.2
>10.1.0.1
>Then wan carrier mpls
>
>What can cause the issue only to firewallC?
>This is why I guess I cannot establish ipsec vpn from remote to firewallC.
ICMP redirect is the first thing that comes to mind, along with perhaps
inconsistent ICMP filtering rules.
More information about the juniper-nsp
mailing list