09-26-2019 07:01 AM - edited 02-21-2020 09:31 AM
Does ASA continue to try and send icmp messages to hosts that have been removed from configurations such as let's say Netflow exporter IP was removed or changed? Anyway to stop ASA from sending certain ICMP messages to certain destinatinos?
Solved! Go to Solution.
09-26-2019 07:22 AM
An ASA doesn't spontaneously send icmp unreachable messages.
If a host sends a traceroute and the ASA is one of the hops in the routing path, an icmp unreachable may be returned if "decrement-ttl" is set on the ASA service policy (it is not by default).
09-26-2019 08:30 AM
That's correct.
It's not the only possibility but it would be by far the most common cause.
09-26-2019 07:22 AM
An ASA doesn't spontaneously send icmp unreachable messages.
If a host sends a traceroute and the ASA is one of the hops in the routing path, an icmp unreachable may be returned if "decrement-ttl" is set on the ASA service policy (it is not by default).
09-26-2019 08:09 AM
09-26-2019 08:30 AM
That's correct.
It's not the only possibility but it would be by far the most common cause.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide