We have a Cisco ASA connected to the internet through a Cisco 3800 series router. On the inside of the ASA we have a server that is published onto the internet (Static NAT on the ASA to a public IP).
For some reason we require a sucessful traceroute to this server from anywhere in the internet.
The problem is the traceroute is sucessful from a few places, but times out at the ASA from most of the places.
When i bypass the ASA and connect the server directly to the internet with a public IP, trace is sucessful.
ICMP echo and any any is already applied on the ASA to allow tace ICMP packets.
Any idea how to rectify this problem.
Server >>>ASA inside--ASA Outside >>> Router >>>>>. Internet.