Cannot run a traceroute out from inside our network

Unanswered Question
Sep 11th, 2008

For some time now, when we try to run a traceroute from one of our Cisco devices inside our network, or when we attempt a tracert from a workstation, we don't get very far.

We always receive the 1st reply back from our Core router VLAN interface. It is on the 2nd through 30th lines that we start receiving timeouts (stars).

I wanted to see where this was stopping so I could try to resolve this.

Here is the data.

From our inside network, we have an ASA appliance that lies between our inside networks and our DMZ. On the other side of the DMZ is another ASA. Just on the other side of the outside ASA is a border router, a 3825 ISR. In the DMZ, all devices are connected to a 3550 L3 switch.

I put a sniffer in the DMZ earlier and tried pinging from my workstation. Our border router ended up giving me a TTL exceeded message back. Is it possible that he is where all this is stopping?

satish_zanjurne Thu, 09/11/2008 - 11:58

Hi, there is an existing global_policy on the ASA; you need to add the inspect icmp command under that policy, on both ASAs.

policy-map global_policy
 class inspection_default
  inspect icmp

By default, ASA does not support traceroute in 7.0.

HTH... rate if helpful.
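A quick way to confirm whether a saved ASA running-config already carries the inspection the answer describes, added here as an example rather than code from the thread; the two config excerpts are constructed, and the check for the separate "inspect icmp error" line is an extra the answer does not mention.

```python
"""Check an ASA running-config for ICMP inspection under the global policy."""

# Constructed sample excerpts of 'show running-config' output (not from the post).
CONFIG_WITHOUT_ICMP = """\
policy-map global_policy
 class inspection_default
  inspect dns
  inspect ftp
  inspect http
service-policy global_policy global
"""

CONFIG_WITH_ICMP = """\
policy-map global_policy
 class inspection_default
  inspect dns
  inspect icmp
  inspect icmp error
service-policy global_policy global
"""


def parse_policy_map(config: str, policy_name: str = "global_policy") -> dict:
    """Return {class_name: [inspect targets]} for the named policy-map.

    ASA nests sub-mode lines with leading spaces, so the next line with no
    indentation ends the policy-map block.
    """
    classes: dict = {}
    in_policy = False
    current_class = None
    for line in config.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        stripped = line.strip()
        if indent == 0:  # top-level command: start or leave the policy-map
            in_policy = stripped == f"policy-map {policy_name}"
            current_class = None
        elif in_policy and stripped.startswith("class "):
            current_class = stripped.split(None, 1)[1]
            classes.setdefault(current_class, [])
        elif in_policy and current_class and stripped.startswith("inspect "):
            classes[current_class].append(stripped[len("inspect "):])
    return classes


def icmp_inspection_status(config: str) -> dict:
    """Report the ICMP inspection lines found under inspection_default and
    whether global_policy is actually applied with a service-policy line."""
    inspects = parse_policy_map(config).get("inspection_default", [])
    applied = "service-policy global_policy global" in config.splitlines()
    return {"inspect_icmp": "icmp" in inspects,
            "inspect_icmp_error": "icmp error" in inspects,
            "policy_applied": applied}
```

Run it against the output of "show running-config policy-map" from each ASA in the path; a False for inspect_icmp on either box points to the change the answer suggests.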
