VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7 - Traceroute [Cisco VPN 3000 Series Concentrators]

Table Of Contents

Traceroute

Administration | Traceroute

Screen Elements

Traceroute

Administration | Traceroute

Caution Traceroute requires Sun Microsystems Java™ Runtime Environment (JRE) 1.4.1 or later. If you do not have JRE installed, do not attempt to run this feature. Running Traceroute without JRE causes the VPN Concentrator Manager to fail.

Traceroute can be a helpful tool for troubleshooting connectivity problems. The Traceroute feature lets you trace the path a data packet takes through the Internet between the VPN Concentrator and a destination device. The VPN Concentrator sends an ICMP or UDP probe to the destination device, then reports the probe's route, the number of hops, and the time between hops.

To use Traceroute, filters on the Public interface must allow the packets through:

•If you are using ICMP probes, the correct ICMP rules are enabled by default. However, if you have changed your default filter settings, check the Configuration | Policy Management | Traffic Management | Filters | Public | Assign Rules to Filter screen. If ICMP In and ICMP Out are not in the Current Rules in Filter list, add them.

•If you are using UDP probes:

–On the Configuration | Policy Management | Traffic Management | Rules | Add screen, create a new filter rule to allow UDP out. On the Policy Management | Traffic Management | Filters | Public | Assign Rules to Filter screen, add the new filter rule to the Current Rules in Filter list.

–On the Configuration | Policy Management | Traffic Management | Filters | Public | Assign Rules to Filter screen, check that Add ICMP In is in the Current Rules in Filter list. If it is not in the list, add it.

Caution To maintain security, disable these filters when you finish using Traceroute.

Figure 7-1 Administration | Traceroute Screen

Screen Elements

•Address/Hostname — Enter the IP address or hostname of the destination device.

•Max TTL — Enter the maximum number of hops for probe packets. Traceroute stops after this many hops. Valid entries are 1 to 255 hops. The default is 30 hops.

•Reverse Resolve — Check this box to resolve the hostnames of intermediate hops to their IP addresses. The default is checked.

•Use UDP — Check this box to send UDP packets rather than ICMP pings, the default.

•Port — If you checked Use UDP, enter the UDP destination port number. The default port number is 33434.

•Apply — Click to run the Traceroute command with these settings.

•Cancel — Click to discard your settings. The Manager returns to the Administration screen.

	VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7
	Traceroute
VPN 3000 Series Concentrator Reference Volume II: Administration and Monitoring, Release 4.7 A PDF Version of the Entire Book Preface Administration Administer Sessions Software Update System Reboot Reboot Status Ping Traceroute Monitoring Refresh Access Rights File Management Certificate Management Monitoring Routing Table Dynamic Filters Filterable Event Log System Status Sessions Statistics Using the Comand-Line Interface Troubleshooting and System Errors Copyrights, Licenses, and Notices Index	Download this chapter Traceroute Table Of Contents Traceroute Administration \| Traceroute Screen Elements Traceroute Administration \| Traceroute Caution Traceroute requires Sun Microsystems Java™ Runtime Environment (JRE) 1.4.1 or later. If you do not have JRE installed, do not attempt to run this feature. Running Traceroute without JRE causes the VPN Concentrator Manager to fail. Traceroute can be a helpful tool for troubleshooting connectivity problems. The Traceroute feature lets you trace the path a data packet takes through the Internet between the VPN Concentrator and a destination device. The VPN Concentrator sends an ICMP or UDP probe to the destination device, then reports the probe's route, the number of hops, and the time between hops. To use Traceroute, filters on the Public interface must allow the packets through: •If you are using ICMP probes, the correct ICMP rules are enabled by default. However, if you have changed your default filter settings, check the Configuration \| Policy Management \| Traffic Management \| Filters \| Public \| Assign Rules to Filter screen. If ICMP In and ICMP Out are not in the Current Rules in Filter list, add them. •If you are using UDP probes: –On the Configuration \| Policy Management \| Traffic Management \| Rules \| Add screen, create a new filter rule to allow UDP out. On the Policy Management \| Traffic Management \| Filters \| Public \| Assign Rules to Filter screen, add the new filter rule to the Current Rules in Filter list. –On the Configuration \| Policy Management \| Traffic Management \| Filters \| Public \| Assign Rules to Filter screen, check that Add ICMP In is in the Current Rules in Filter list. If it is not in the list, add it. Caution To maintain security, disable these filters when you finish using Traceroute. Figure 7-1 Administration \| Traceroute Screen Screen Elements •Address/Hostname — Enter the IP address or hostname of the destination device. •Max TTL — Enter the maximum number of hops for probe packets. Traceroute stops after this many hops. Valid entries are 1 to 255 hops. The default is 30 hops. •Reverse Resolve — Check this box to resolve the hostnames of intermediate hops to their IP addresses. The default is checked. •Use UDP — Check this box to send UDP packets rather than ICMP pings, the default. •Port — If you checked Use UDP, enter the UDP destination port number. The default port number is 33434. •Apply — Click to run the Traceroute command with these settings. •Cancel — Click to discard your settings. The Manager returns to the Administration screen.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks