traceroute issues with CISCO ASA 5540

Unanswered Question
Mar 3rd, 2009

We have a Cisco ASA connected to the internet through a Cisco 3800 series router. On the inside of the ASA we have a server that is published onto the internet (Static NAT on the ASA to a public IP).

For some reason we require a sucessful traceroute to this server from anywhere in the internet.

The problem is the traceroute is sucessful from a few places, but times out at the ASA from most of the places.

When i bypass the ASA and connect the server directly to the internet with a public IP, trace is sucessful.

ICMP echo and any any is already applied on the ASA to allow tace ICMP packets.

Any idea how to rectify this problem.

Setup:

Server >>>ASA inside--ASA Outside >>> Router >>>>>. Internet.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
victor_87 Tue, 03/03/2009 - 08:18

Thankyou , thankyou very much, i didn't know that. You have opened my eyes.

I wonder y Cisco TAC has this case open from morning, asking for sh tech etc.

Anyway thankyou very much.

Actions

This Discussion