Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
1
Replies

Trace Route from inside int

Charlie Taylor
Level 4
Level 4

‎09-06-2013 01:11 PM - last edited on ‎03-25-2019 05:52 PM by Community Manager

We can trace from cli on asa5510 (8.0(3)) but can not from inside host. We have icmp and echo-reply on both interfaces. The logs show successful building/teardown of ICMP to/from the faddr and there are not any denies by acl's or errors.

Any clues by you smart people?

THANKS!!!!!

C.T.

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎09-06-2013 01:16 PM

Hi,

Do you have ICMP Inspection enabled?

If not, add

fixup protocol icmp

fixup protocol icmp error

If those dont help, you could consider adding these to the external interface ACL

access-list permit icmp any any time-exceeded

access-list permit icmp any any unreachable

This document might also help you with troubleshooting and configuring

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card