Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

traceroute issues with CISCO ASA 5540

We have a Cisco ASA connected to the internet through a Cisco 3800 series router. On the inside of the ASA we have a server that is published onto the internet (Static NAT on the ASA to a public IP).

For some reason we require a sucessful traceroute to this server from anywhere in the internet.

The problem is the traceroute is sucessful from a few places, but times out at the ASA from most of the places.

When i bypass the ASA and connect the server directly to the internet with a public IP, trace is sucessful.

ICMP echo and any any is already applied on the ASA to allow tace ICMP packets.

Any idea how to rectify this problem.

Setup:

Server >>>ASA inside--ASA Outside >>> Router >>>>>. Internet.

3 REPLIES

Re: traceroute issues with CISCO ASA 5540

Hall of Fame Super Blue

Re: traceroute issues with CISCO ASA 5540

Victor

The problem you may be facing is that not all traceroutes use ICMP. Windows machines do but Linux for example uses UDP so if you are not allowing that in it won't respond. Have a look at the following document for more details -

http://www.cisco.com/en/US/tech/tk364/technologies_tech_note09186a00801ae32a.shtml

Jon

New Member

Re: traceroute issues with CISCO ASA 5540

Thankyou , thankyou very much, i didn't know that. You have opened my eyes.

I wonder y Cisco TAC has this case open from morning, asking for sh tech etc.

Anyway thankyou very much.

696
Views
5
Helpful
3
Replies