Reset Search



Missing tracert hops in VRF Other than Global

« Go Back


TitleMissing tracert hops in VRF Other than Global
  • NAT client  on non Global VRF sees different traceroute output than Client on Global VRf
  • Static NAT entry will resolve the issue
  • Using NATP to access the internet, and notice missing hops when using tracert.  
  • It works if the NAT is done by a firewall.
  • The difference between the two is that the firewall is replacing the inner packet in the ICMP error message with the original values.  
  • S-Series
  • NAT 
  • Tracert
It does appear that NAT is not handling  an ICMP Time-to-live exceeded message.We should be natting back the address in the inner packet. 

If an ICMP error packet matches a NAT list rule the inner packet may not be properly natted back to the original source.
Upgrade to Firmware 8.62.01
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255