Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
275
Views
4
Helpful
1
Replies

cannot run a traceroute out from inside our network

Kevin Melton
Level 2
Level 2

‎09-11-2008 11:28 AM - edited ‎03-06-2019 01:19 AM

For some time now, when we try to run a traceroute from one of our Cisco devices inside our network, or when we attempt a tracert from a workstation, we dont get very far.

We always receive the 1st reply back from our Core router VLAN interface. It is on the 2nd thru 30th lines that we start receiving timeouts (stars).

I wanted to see where this was stopping so I could try to resolve this.

Here is the data.

From our inside network, we have an ASA appliance that lies between our Inside networks and our DMZ. On the other side of the DMZ is another ASA. Just on the other side of the Outside ASA is a Border Router - 3825 ISR. In the DMZ, all devices are connected to a 3550 L3 switch.

I put a sniffer in the DMZ earlier and tried pinging from my workstation. Our

Border router ended up giving me a TTL exceeded message back. Is it possible that he is where all this is stopping??

Labels:
0 Helpful
1 Reply 1

satish_zanjurne
Level 4
Level 4

‎09-11-2008 11:58 AM

Hi , there is existing global_policy oin ASA, you need to add inspect icmp command under that policy , on both ASA.

policy-map global_policy

class inspection_default

inspect icmp

By default ASA does not support traceroute in 7.0

HTH...rate if helpful..

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card