Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3829
Views
0
Helpful
0
Comments

Traceroute hops within the inside network are hidden from an outside user, when the nailed option is used for a static on ASA

TCC_2
Level 10
Level 10

‎06-22-2009 04:03 PM - edited ‎03-08-2019 06:10 PM

What is traceroute?

Traceroute is a network diagnostic tool originally written by Van Jacobson to determine whether routing problems exist on the network. Traceroute can be used to determine which path IP packets are taking to get from your computer to the remote computer. Traceroute shouldn't be used on a network without routers. It is not really useful unless there are at least two routers in the network.

Traceroute was designed to reveal when network failures such as routing loops and black holes occur and shows roughly where those failures exist.

Windows uses an ICMP-only traceroute-like utility called 'tracert'.

UNIX, Linux and BSD based systems use a UDP-based traceroute

Core issue

This happens when you convert the ASA config from nat 0 to statics, the traceroute behavior changes from outside to inside. The destination IP address is seen for each hop.

Resolution

Nat 0 shows all the hops along the path, but statics, with the nailed option or not, shows the same IP address for each hop. In order to get the statics to show each hop, issue the inspect icmp error command.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents