Cisco ASA not being mapped by Qualys

Unanswered Question
Dec 21st, 2009

We are using Qualys to map our network. The firewalls are set to allow ICMP from the scanner to the x.x.x.*/24 network being mapped. For some reason, when the mapping scan runs, Qualys isn't detecting the ASA 5510 as a hop in the path. We are running 8.2(1) on the ASA. I do see the hit count increase on the ICMP rule during the mapping scan, so the scan is traversing the ASA, but the ASA isn't being detected except as a resource on the destination network. Is this a "working as designed" scenario, or is there some sort of "stealth" setting on the ASA which would do this, or is there something else going on?

Resources are cabled (L2) to VLANs on a 6509 switch. The route is: Scanner -(vlan1)- Firewall1 -(vlan2)- ASA -(vlan3)- dest netwk (x.x.x.*/24)

Qualys map results:  Scanner - Firewall1 - 6509 Switch L3 ip addr - dest netwk (x.x.x.*/24)

Any help, ideas, or clues would be appreciated. Thank you.
