I am trying two solutions for getting "traceroute" across ASA to work. First solution is working for me but the second solution is not working.
Am I missing something?
Allowing the "time-exceeded" and "unreachable" to outside interface.
access-list mine extended permit icmpacl any any time-exceeded
access-list mine extended permit icmpacl any any unreachable
access-group icmpany in interface outside
I am not allowing the "time-exceeded" and "unreachable" to outside interface. Rather I am relying on inspect icmp and icmp error.
inspect dns migrated_dns_map_1
inspect h323 h225
inspect h323 ras
inspect icmp error