Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8144
Views
0
Helpful
17
Replies

Still can't traceroute through FTD (6.2.3.2)

Go to solution
peter0023
Level 1
Level 1

‎09-18-2018 05:45 AM - edited ‎02-21-2020 08:15 AM

Hi all

 

I have FTD 2130 version 6.2.3.2 , I'm facing that server trace e.g. 8.8.8.8 always show *

I had read many articles , I had  tried

 

1. set policy from outside to inside allow icmp all

2. add flexconfig with

     policy-map global_policy
       class class-default
        set connection decrement-ttl 

 

 

still not working , someone can help me to fix it? thanks a lot

 

 

 

=============update======================

I fixed this issue , thanks.....

2 people had this problem
0 Helpful
17 Replies 17

Go to solution
samsara
Level 1
Level 1
In response to peter0023

‎09-18-2018 10:24 PM

It seems from device limit , kindly refer to
https://quickview.cloudapps.cisco.com/quickview/bug/CSCuy04691

0 Helpful

Go to solution
ben360
Level 1
Level 1

‎10-16-2020 12:05 PM

Can you expand on the fix?

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to ben360

‎10-18-2020 08:34 AM - edited ‎10-18-2020 08:37 AM

Along with enabling ICMP inspection on the global policy map, you need to allow the ICMP unreachable and time exceeded in inbound direction on the ACL applied on the outside interface.

You can enable ICMP inspection from Firepower CLISH mode using the following command:

> configure inspection icmp enable

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card