I am not 100% sure what you

Rizwan Khan · ‎09-05-2015

Hello Experts,

My question is how to enable traceroute on cisco ASA. I have seen alot of examples which allow traceroute through the ASA. However i am looking to enable traceroute on ASA itself. Like if i have an outside interface with IP 1.1.1.1 i could do traceroute to that IP 1.1.1.1. From windows i am able to do so as it uses icmp protocol. But what about linux/IOS which uses udp for traceroute.

Thanks in advance.

nspasov · ‎09-05-2015

I am not 100% sure what you are trying to accomplish. Can you perhaps elaborate a bit more? The traceroute command is supported valid command and you can trace issue is from the ASA directly.

Thank you for rating helpful posts!

Rizwan Khan · ‎09-06-2015

Hi.

I want to trace route Cisco asa outside interface from another source. We have two different data centres. I want dc B edge Router to be able to trace route dc A edge firewall outside interface. When I do so. It denies any udp packet.

nspasov · ‎09-07-2015

Take a look at the following link:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/15246-31.html

Thank you for rating helpful posts!

Dennis Mink · ‎09-07-2015

change the the access-list for your outside interface at dcA, to allow icmp from your dc B on the outside interface.

Please remember to rate useful posts, by clicking on the stars below.