How to permit ping but forbid tracert

Publication Date: 2012-09-17
Issue Description
The user wants to permit ping but forbid tracert in the network, and denied ICMP in a rule. As a result, both tracert and ping are forbidden.
Alarm Information
NULL
Handling Process
On our equipment:
When we ping, the packet sent is an echo with type code 8, and the reply packet is an echo-reply with type code 0.
When we tracert, the packet sent is the same as for ping (but the TTL is different), and the reply packet is ttl-exceeded with type code 0.
We can use the following ACL as a reference:
acl number 3000
rule 5 permit icmp icmp-type echo
rule 10 permit icmp icmp-type echo-reply
rule 15 deny icmp icmp-type ttl-exceeded
Root Cause
Both tracert and ping are implemented with the ICMP protocol, but they use different ICMP message types. The difference can be distinguished with the icmp-type parameter.
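The following Python model is an added example, not part of the original case or of the device software. It evaluates ACL 3000 rule by rule against constructed ICMP headers and compares the result with a blanket ICMP deny. The numeric type/code pairs are the standard RFC 792 values, and the `rule 5 deny icmp` line is a constructed stand-in for the misconfiguration described above.

```python
import struct

# ICMP (type, code) pairs for the icmp-type keywords used in ACL 3000.
# Standard RFC 792 values; ttl-exceeded is type 11 with code 0.
ICMP_TYPES = {"echo": (8, 0), "echo-reply": (0, 0), "ttl-exceeded": (11, 0)}

ACL_3000 = """\
rule 5 permit icmp icmp-type echo
rule 10 permit icmp icmp-type echo-reply
rule 15 deny icmp icmp-type ttl-exceeded
"""
# Constructed stand-in for the original misconfiguration (not shown on the page).
BLANKET_DENY = "rule 5 deny icmp\n"

def parse_rules(text):
    """Return [(rule_id, action, (type, code) or None)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "rule" or tok[3] != "icmp":
            continue
        match = ICMP_TYPES[tok[5]] if len(tok) == 6 and tok[4] == "icmp-type" else None
        rules.append((int(tok[1]), tok[2], match))
    return sorted(rules)

def icmp_header(icmp_type, code):
    """Constructed 8-byte ICMP header: type, code, checksum=0, rest=0."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0)

def evaluate(rules, packet, default="no-match"):
    """First matching rule wins; 'no-match' means no rule in the ACL applied."""
    icmp_type, code = struct.unpack("!BB", packet[:2])
    for _rule_id, action, match in rules:
        if match is None or match == (icmp_type, code):
            return action
    return default

def verdicts(acl_text):
    """Map each icmp-type keyword to the action the ACL takes on it."""
    rules = parse_rules(acl_text)
    return {name: evaluate(rules, icmp_header(*tc)) for name, tc in ICMP_TYPES.items()}

if __name__ == "__main__":
    print("blanket deny:", verdicts(BLANKET_DENY))
    print("acl 3000:    ", verdicts(ACL_3000))
```

ICMP messages that match none of the three rules return `no-match` here; how such packets are treated depends on where and how the ACL is applied on the device.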
Suggestions
NULL
