Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
325
Views
0
Helpful
1
Replies

traceroute question

marcusbrutus
Level 1
Level 1

‎05-08-2010 11:02 PM - edited ‎03-11-2019 10:42 AM

Hi,

I am dumbfounded over this problem i have.

Whenever i do a traceroute using pingplotter (uses icmp not udp), i get replies from all devices in the path but not from the ASA and our perimeter router. I understand why the ASA doesn't show but i am confused why our perimeter router which is the next hop device after our ASA fails to show in the traceroute results. I connected a laptop to a switch which connectes to the perimter router and traceroute tests show it responding.

Checking the ASA i am able to verify the below:

1. ip inspect icmp and ip inspect icmp error is enabled globally on the ASA.
2. Applied ACL on outside interface allowing all ICMPs to inside.
3. Applied ACL on inside interface allowing all ICMPs to outside.
4. Traceroute from ASA shows perimter router replying.

I would really appreciate any help here.

Thanks in advance.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Kent Heide
Level 1
Level 1

‎05-09-2010 03:10 AM

Add to your global policy under class-default the  "decrement-ttl" check. This will make the ASA show up in traceroute and most likely fix your router aswell.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card