Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2434
Views
5
Helpful
9
Replies

Allow tracert/pathping through firewall?

whiteford
Level 1
Level 1

‎09-22-2008 02:53 AM - edited ‎03-11-2019 06:47 AM

Hi,

I have an ASA 5520, I am using sub-interfaces to a VLAN switch (Cisco 3750). I'm based on the "inside" and I need to use pathping and tracert from my PC to these remote networks that are on the VLANs.

I think the firewall might be blocking this, but am not sure. As soon as my trace gets to the firewall I get the * * * appear as if it's getting blocked.

Any Ideas?

Labels:
0 Helpful
9 Replies 9

whiteford
Level 1
Level 1
In response to andrew.prince

‎09-22-2008 07:31 AM

Hi,

I just want the DMZ1 servers to tracert to my inside PC, do you know how I can do through the ASDM?

0 Helpful

andrew.prince
Level 10
Level 10
In response to whiteford

‎09-22-2008 07:38 AM

Did you read the url?

It outlines the procedure quite well I thought.

It also depends on the version of IOS you are using, the document covers it:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#topic0

HTH>

0 Helpful

whiteford
Level 1
Level 1
In response to andrew.prince

‎09-22-2008 07:44 AM

Thing is I can ping fine, it's just the tracert and pathpings

0 Helpful

andrew.prince
Level 10
Level 10
In response to whiteford

‎09-22-2008 07:47 AM

Have you actually configured:-

policy-map global_policy

class inspection_default

inspect icmp

As the document instructs you to or:-

class-map class-default

match any

policy-map global_policy

class class-default

set connection decrement-ttl

HTH>

0 Helpful

whiteford
Level 1
Level 1
In response to andrew.prince

‎09-22-2008 07:53 AM

policy-map global_policy

class inspection_default

inspect icmp

has been added, is that a NAT I have to add?

0 Helpful

gpadmin
Level 1
Level 1
In response to andrew.prince

‎06-25-2021 05:13 AM

The url you linked is now broken and I am having the same issues as the original poster. I figured since your are an Advocate, you would be able to point me in the right direction to find another one that read like your original link?

 

Thanks in advance.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to gpadmin

‎06-25-2021 05:27 AM

@gpadmin The posts you are replying to are 13 years old.

For more current advice (and non-broken links as of June 2021), please check out these articles:

For ASA (old post but still 100% accurate):

https://packetu.com/2009/10/09/traceroute-through-the-asa/

For FTD:

https://packetu.com/2018/08/12/traceroute-through-firepower-threat-defense/

gpadmin
Level 1
Level 1
In response to Marvin Rhoads

‎06-25-2021 08:11 AM

Thanks Marvin. I didn't realize the date-timestamp of those posts. Just found them having issues trying to get pathping results which I believe might be due to our ASA5508 firewall. I'll check out the ASA link. Your help is very much appreciated, thanks again!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card