11-23-2012 12:25 PM - edited 03-11-2019 05:27 PM
Hi,
The network structure of my company is :
Server ( 172.22.2.1 ) - HQ L3 switch ( 172.22.51.41 ) - ASA firewall ( route mode without NAT, 172.16.52.2 ) - WAN router ( 172.16.51.101 ) - Branch office L3 switch ( 172.16.6.254 ) - PC ( 172.16.6.250 )
I tried to trace route from my PC, the result is :
C:\Documents and Settings\yang>tracert -d 172.22.2.1
Tracing route to 172.22.2.1 over a maximum of 30 hops
1 23 ms <1 ms <1 ms 172.16.6.254
2 4 ms 2 ms 2 ms 172.16.51.101
3 10 ms 9 ms 9 ms 172.22.51.41
4 9 ms 9 ms 9 ms 172.22.2.1
Trace complete.
The trace route result seems to have lost the ASA hop information. Please help tell me what the problem is.
Best Regards,
11-23-2012 12:43 PM
Hello Jackson,
By default the ASA will not decrement the TTL value of an IP packet ( so it will be somehow transparent {Security Purposes}) but this can be changed by doing the following:
configure te
policy-map global_policy
class class-default
set connection decrement-ttl
Regards,
Rate all of the helpful posts
11-25-2012 02:38 AM
In addition, you need an access-list on the outside interface:
access-list outside permit udp any any gt 33434
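Added example, not part of the original thread and not Cisco code: a toy Python model of traceroute over the path given in the question, showing why a hop that forwards packets without decrementing the TTL never appears in the output. It assumes the ASA would answer from the address quoted in the question (172.16.52.2) and that every ICMP reply is allowed back to the PC.

```python
# Toy model of traceroute; the path is the topology from the question,
# listed in the order a packet travels from the PC to the server.
PATH = [
    ("172.16.6.254", "branch L3 switch"),
    ("172.16.51.101", "WAN router"),
    ("172.16.52.2", "ASA firewall"),
    ("172.22.51.41", "HQ L3 switch"),
    ("172.22.2.1", "server"),
]
ASA = "172.16.52.2"
DEST = "172.22.2.1"


def send_probe(ttl, asa_decrements_ttl):
    """Return the address that answers a probe sent with the given TTL."""
    for addr, _role in PATH:
        if addr == DEST:
            return addr  # the destination itself replies
        if addr == ASA and not asa_decrements_ttl:
            continue  # default ASA behaviour: forward with the TTL untouched
        ttl -= 1
        if ttl == 0:
            return addr  # TTL expired here: this hop sends ICMP time-exceeded
    return None


def traceroute(asa_decrements_ttl, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and collect who answers each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder = send_probe(ttl, asa_decrements_ttl)
        hops.append(responder)
        if responder == DEST:
            break
    return hops


if __name__ == "__main__":
    for flag in (False, True):
        print("ASA decrements TTL:", flag)
        for n, addr in enumerate(traceroute(flag), start=1):
            print(f"  {n}  {addr}")
```

With the flag off the model reproduces the four hops in the posted tracert output; with it on, the ASA shows up as hop 3 and the server moves to hop 5.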