Preview Tool

Cisco Bug: CSCsz95950 - ICMP Based Traceroute Fails with ASR Groups on FWSM

Last Modified

Sep 09, 2016

Products (1)

  • Cisco Catalyst 6500 Series Firewall Services Module

Known Affected Releases

3.1(15) 3.2(12) 4.0(5)

Description (partial)


Internet Control Message Protocol (ICMP) Traceroute does not work across a Firewall Services Module (FWSM) when the traffic is routed asymmetrically between two physical modules in failover.


ICMP Type 11 (Time Exceeded) responses are landing on a physical blade that is different from the originating FWSM. This happens because the ICMP connections are not statefully replicated to the failover peer even with ICMP Inspection enabled.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.