[j-nsp] Traceroute not working as expected
Dan White
dwhite at olp.net
Mon Dec 18 17:32:24 EST 2017
>Il 18 Dic 2017 21:51, "Dan White" <dwhite at olp.net> ha scritto:
>>> If I made traceroute to a wan location 10.2.0.1 from 3) I get:
>>> 10.1.0.1
>>> then wan mpls
>>>
>>> If I made traceroute to a wan location 10.2.0.1 from 4) I get:
>>> 10.1.0.2
>>> 10.1.0.1
>>> Then wan carrier mpls
>>>
>>> What can cause the issue only to firewallC?
>>> This is why I guess I cannot establish ipsec vpn from remote to firewallC.
>>
>> ICMP redirect is the first thing that comes to mind, along with perhaps
>> inconsistent ICMP filtering rules.
On 12/18/17 22:14 +0100, james list wrote:
>Yes I tought it but why only for one firewall and not the other?
What configuration differences are there in this network? Where is ICMP
Redirect configured (or not)? Any ICMP filter/firewall rules you have in
this network will break things in very creative ways, so think carefully
about whether you really need them (if they exist).
More information about the juniper-nsp
mailing list