Cisco Support Community

New Member

Traceroute through ASA

I have an Avamar grid in our home office and another one in our disaster recovery site. On the Avamar grids we have two interfaces created (one for accessing internal servers and one for replication). On the ASA the physical interface associated with the "inside" network is split into two sub-interfaces. One sub-interface is for the NIC associated with the internal network, which uses the normal "inside" interface to get to the Internet. The NIC associated with the replication network uses the other sub-interface and is a direct connection through our ISP to our disaster recovery site.

We're trying to work on a bandwidth issue with the replication and noticed that we're seeing dropped packets. I would like to be able to traceroute from the source Avamar grid to the target Avamar grid but can't get this to work through our ASA. If I traceroute from the NIC associated with the internal network, the traceroute works fine. If I do the same thing and specify the source IP as the IP address of the replication NIC on the source Avamar, I see the first hop as the switch where the NIC on the Avamar grid is attached. After that I don't see anything other than "* * *".

I've allowed ICMP in general on both ends just to make sure that the issue isn't a wrong ICMP value being allowed (once this works I'll tighten it down). I've also verified that the global inspection rule is inspecting ICMP.

What am I missing to allow traceroute between the two sites?


