Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
942
Views
5
Helpful
3
Replies

traceroute issues with CISCO ASA 5540

victor_87
Level 1
Level 1

‎03-03-2009 07:10 AM - edited ‎03-11-2019 07:59 AM

We have a Cisco ASA connected to the internet through a Cisco 3800 series router. On the inside of the ASA we have a server that is published onto the internet (Static NAT on the ASA to a public IP).

For some reason we require a sucessful traceroute to this server from anywhere in the internet.

The problem is the traceroute is sucessful from a few places, but times out at the ASA from most of the places.

When i bypass the ASA and connect the server directly to the internet with a public IP, trace is sucessful.

ICMP echo and any any is already applied on the ASA to allow tace ICMP packets.

Any idea how to rectify this problem.

Setup:

Server >>>ASA inside--ASA Outside >>> Router >>>>>. Internet.

Labels:
0 Helpful
3 Replies 3

andrew.prince
Level 10
Level 10

‎03-03-2009 07:18 AM

Read the below for the solution:-

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

HTH>

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎03-03-2009 07:20 AM

Victor

The problem you may be facing is that not all traceroutes use ICMP. Windows machines do but Linux for example uses UDP so if you are not allowing that in it won't respond. Have a look at the following document for more details -

http://www.cisco.com/en/US/tech/tk364/technologies_tech_note09186a00801ae32a.shtml

Jon

victor_87
Level 1
Level 1
In response to Jon Marshall

‎03-03-2009 08:18 AM

Thankyou , thankyou very much, i didn't know that. You have opened my eyes.

I wonder y Cisco TAC has this case open from morning, asking for sh tech etc.

Anyway thankyou very much.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card