Solved: traceroute througth asa is not working when ecmp error inspection is enabled - Page 2

Eugene Khabarov · ‎06-07-2011

Hello, dear All!

I have problem with icmp traceroute configuration. When I enabling icmp error inspection in global policy, my traceroute results through ASA 8.2.4 looks like this:

My traceroute [v0.75]

Tue Jun 7 13:33:01 2011

Keys: Help Display mode Restart statistics Order of fields quit

Packets Pings

Host Loss% Snt Last Avg Best Wrst StDev

1. 192.168.1.247 0.0% 2 0.3 0.4 0.3 0.4 0.0

2. ???

3. ???

4. ???

5. ???

6. ???

7. ???

8. destination.lan 0.0% 1 29.2 29.2 29.2 29.2 0.0

When ICMP error inspection is disabled, my results looks better, but still not all hops in the path:

My traceroute [v0.75]

Tue Jun 7 13:32:44 2011

Keys: Help Display mode Restart statistics Order of fields quit

Packets Pings

Host Loss% Snt Last Avg Best Wrst StDev

1. 192.168.1.247 0.0% 36 0.5 0.4 0.3 0.5 0.1

2. core-asa.lan 0.0% 35 0.3 0.5 0.3 1.8 0.4

3. ???

4. ???

5. 123.123.123.1 0.0% 35 2.5 5.9 1.9 41.6 9.2

6. 123.123.123.57 0.0% 35 28.7 30.3 27.2 107.7 13.5

7. 123.123.123.58 0.0% 35 28.4 28.6 27.6 32.9 1.0

8. destination.lan 0.0% 35 29.1 30.2 28.9 33.4 0.9

icmp inspection and ttl decrement on ASA is enabled. Also I configured ACL on outside interface to permit ICMP completely.

What's the problem? Thanks in advance.

Eugene Khabarov · ‎06-08-2011

Thank you. Looks really that it is CSCti20726. I will be wating for the new release.

Gerard Roy · ‎03-25-2019

Broken link

Gerard Roy · ‎03-25-2019

Broken link