Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
896
Views
0
Helpful
1
Replies

Allowing Trace Route on ASA version - 9.6(3)8

Go to solution
Chaitanya Krishna Narra
Level 1
Level 1

‎12-28-2017 11:43 PM - edited ‎02-21-2020 07:02 AM

Hi Friends..

We have configured our ASA firewall to allow Trace Route to reach outside destinations (over internet), as per configuration attached. 

But, we are unable to get information of hops in ISP path during Tracing Route to reach destination, from host allowed in LAN Network (attached the problem symptoms).

Please let me know, if any correction required on attached configuration to achieve my requirement.

 

 

1 person had this problem
Labels:
Preview file
2 KB
Preview file
17 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni

‎12-29-2017 07:47 AM

It looks like the icmp unreachable packets are being dropped on the outside interface.

I noticed you have 2 ISPs and use one of them for the traceroute destination. If you also have verify reverse-path it could explain the behavior. 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni

‎12-29-2017 07:47 AM

It looks like the icmp unreachable packets are being dropped on the outside interface.

I noticed you have 2 ISPs and use one of them for the traceroute destination. If you also have verify reverse-path it could explain the behavior. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card