
cannot run a traceroute out from inside our network

For some time now, when we try to run a traceroute from one of our Cisco devices inside our network, or when we attempt a tracert from a workstation, we don't get very far.

We always receive the 1st reply back from our Core router VLAN interface. It is on the 2nd thru 30th lines that we start receiving timeouts (stars).

I wanted to see where this was stopping so I could try to resolve this.

Here is the data.

From our inside network, we have an ASA appliance that lies between our Inside networks and our DMZ. On the other side of the DMZ is another ASA. Just on the other side of the Outside ASA is a Border Router - 3825 ISR. In the DMZ, all devices are connected to a 3550 L3 switch.

I put a sniffer in the DMZ earlier and tried pinging from my workstation. Our Border router ended up giving me a TTL exceeded message back. Is it possible that he is where all this is stopping??


Re: cannot run a traceroute out from inside our network

Hi, there is an existing global_policy on the ASA; you need to add the inspect icmp command under that policy, on both ASAs.

policy-map global_policy
 class inspection_default
  inspect icmp

By default, ASA does not support traceroute in 7.0.

HTH...rate if helpful..
