Performing a remote traceroute to a device within a VPN

Perform a remote traceroute to a device within a virtual private network (VPN) from a specified Cisco provider-edge (PE) router in order to troubleshoot VPN connectivity.

Before you begin

In order to perform this procedure, first ensure the following:
  • You are in an MPLS VPN network view.
  • If you want to automatically log into the Cisco or Juniper devices, you must first configure login credentials.

Procedure

  1. In the network map, select the Cisco PE router from which you wish perform the VPN traceroute.
    To select multiple devices, press Ctrl.
  2. Right-click one of the selected devices and choose WebTools > Cisco Tools… > Diagnostic Tools… > VRF Traceroute from this device….
  3. Complete the fields in the Cisco VRF Traceroute Tool window.
    From
    Specify the Cisco device or devices from which to perform a VRF traceroute. This field accepts a comma-separated list of IP addresses or hostnames.
    To
    Specify a target device for the traceroute. This field accepts a single IP address or hostname.
    VRF
    Specify the Virtual Routing and Forwarding table (VRF) that contains the device.
    Automatic Login
    Specify that you have already specified Telnet login credentials to use when running this tool. This is not selected by default.
    Username
    Specify a username to use for Telnet access to the devices specified in the Query field. If you have specified multiple devices, then the login credentials that you specify must be valid for all of these devices.
    Password
    Specify a password to use for Telnet access to the devices specified in the Query field. If you have specified multiple devices, then the login credentials that you specify must be valid for all of these devices.
    Passcode
    Specify an optional security authentication measure. Complete this field only if your network administrator has applied RSA SecurID two-factor user authentication to the devices you wish to log into. Type the passcode from your RSA SecurID token.
    Note: Your passcode changes at regular 30 second intervals. Ensure that you launch the tool immediately after supplying the passcode.
    Send: E-Mail To…
    Specify whether the results should be emailed to one or more listed recipients. This option is not selected by default.
    Recipients
    Specify a comma-separated list of recipients to which the results of the tool should be sent. This field is only displayed if Send: E-Mail To… is selected.
  4. Click Start to launch the tool with the parameters specified.
    The results of the ping operation appear in one or more separate browser windows.