Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can't traceroute through interfaces on ASA - possible

Hi,

From a windows PC I can't tracert or pathping though different interfaces on the ASA 5520 or to the internet, is this something that can be achieved?

3 REPLIES

Re: Can't traceroute through interfaces on ASA - possible

Yes !!!! it can be achieved.

For ASA/PIX 7.X

Use following access-list

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any source-quench

access-list 101 permit icmp any any unreachable

access-list 101 permit icmp any any time-exceeded

access-group 101 in interface outside

Or

Add following policy statement to global policy.

policy-map global_policy

class inspection_default

inspect icmp

HTH...rate if helpfull....

New Member

Re: Can't traceroute through interfaces on ASA - possible

Thanks, I have added:

policy-map global_policy

class inspection_default

inspect icmp

But no change. I'm trying from a subinterface off the ASA (VLAN in a 3750). Do I need to do something else?

Thanks

Re: Can't traceroute through interfaces on ASA - possible

Can you paste your ASA config ??

517
Views
0
Helpful
3
Replies
CreatePlease to create content