Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
393
Views
0
Helpful
1
Replies

Trace Route from inside int

Charlie Taylor
Level 4
Level 4

‎09-06-2013 01:11 PM - last edited on ‎03-25-2019 05:52 PM by Community Manager

We can trace from cli on asa5510 (8.0(3)) but can not from inside host. We have icmp and echo-reply on both interfaces. The logs show successful building/teardown of ICMP to/from the faddr and there are not any denies by acl's or errors.

Any clues by you smart people?

THANKS!!!!!

C.T.

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎09-06-2013 01:16 PM

Hi,

Do you have ICMP Inspection enabled?

If not, add

fixup protocol icmp

fixup protocol icmp error

If those dont help, you could consider adding these to the external interface ACL

access-list permit icmp any any time-exceeded

access-list permit icmp any any unreachable

This document might also help you with troubleshooting and configuring

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top