Cisco Support Community

Trace Route from inside int

We can trace from the CLI on an ASA 5510 (8.0(3)) but cannot from an inside host. We have icmp and echo-reply on both interfaces. The logs show successful building/teardown of ICMP to/from the faddr and there are not any denies by ACLs or errors.

Any clues by you smart people?

THANKS!!!!!

C.T.

1 REPLY

Hi,

Do you have ICMP Inspection enabled?

If not, add

fixup protocol icmp

fixup protocol icmp error

If those don't help, you could consider adding these to the external interface ACL

access-list <acl_name> permit icmp any any time-exceeded

access-list <acl_name> permit icmp any any unreachable

This document might also help you with troubleshooting and configuring

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

- Jouni
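
The reply's two suggestions written out as a complete ASA configuration, as an added example that is not part of the original post. The inspection lines use the policy-map form that ASA 7.x and later use for protocol inspection; the ACL name `OUTSIDE_IN` and the interface name `outside` are assumptions.

```cisco
! Added example. OUTSIDE_IN and "outside" are assumed names; substitute
! the ACL and interface names from your own running configuration.
!
! 1. Enable ICMP inspection in the default global policy
!    (policy-map form of "fixup protocol icmp" / "fixup protocol icmp error")
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
!
! 2. If traceroute from the inside host still fails, permit only the two
!    ICMP message types that intermediate hops and the destination send back.
!    This is narrower than "permit icmp any any" and keeps other inbound
!    ICMP types blocked at the outside interface.
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
!
! 3. Bind the ACL inbound on the outside interface.
!    An interface takes one inbound ACL: if one is already applied there,
!    add the two lines above to that ACL instead of issuing this command.
access-group OUTSIDE_IN in interface outside
!
! 4. Verify: confirm the inspection is in the policy and watch the ACL
!    hit counters increase while the inside host runs its traceroute.
show running-config policy-map
show access-list OUTSIDE_IN
```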
