[j-nsp] Traceroute not working as expected

james list jameslist72 at gmail.com
Tue Dec 19 08:02:55 EST 2017


Thanks all
It was an issue with the provider which triggered the redirect.

Cheers

Il 18 Dic 2017 23:32, "Dan White" <dwhite at olp.net> ha scritto:

> Il 18 Dic 2017 21:51, "Dan White" <dwhite at olp.net> ha scritto:
>>
>>> If I made traceroute to a wan location 10.2.0.1 from 3) I get:
>>>> 10.1.0.1
>>>> then wan mpls
>>>>
>>>> If I made traceroute to a wan location 10.2.0.1 from 4) I get:
>>>> 10.1.0.2
>>>> 10.1.0.1
>>>> Then wan carrier mpls
>>>>
>>>> What can cause the issue only to firewallC?
>>>> This is why I guess I cannot establish ipsec vpn from remote to
>>>> firewallC.
>>>>
>>>
>>> ICMP redirect is the first thing that comes to mind, along with perhaps
>>> inconsistent ICMP filtering rules.
>>>
>>
> On 12/18/17 22:14 +0100, james list wrote:
>
>> Yes I tought it but why only for one firewall and not the other?
>>
>
> What configuration differences are there in this network? Where is ICMP
> Redirect configured (or not)? Any ICMP filter/firewall rules you have in
> this network will break things in very creative ways, so think carefully
> about whether you really need them (if they exist).
>


More information about the juniper-nsp mailing list