dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
12
share rss forum feed

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

1 recommendation

reply to LondonDave

Re: [HELP] Unable to get traceroutes to work right on an ASA5510

That's not his issue (i.e. the asa showing up in the traceroute.) His ASA is killing the ICMP traffic in one way or another.

My money is on acl's, despite what the OP has said. Following that would be any policy map configuration.

Watch the log, there should be numerous "packet dropped" messages.



Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL

I'm actually noticing UDP connections established from my host machine to the destination it's testing. No denies are showing up in the log.

From my previous traceroute, 10.10.30.1 is a core switch, it's the not the ASA. The ASA is not showing up in the traceroute. The ASA would technically be hop 2.



Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL

1 edit
reply to cramer

[SOLVED] Unable to get traceroutes to work right on an ASA5510

It was the policy map configuration...

policy-map global_policy
 class icmp-class
  inspect icmp
  set connection decrement-ttl
 class icmperror-class
  inspect icmp error
  set connection decrement-ttl
 

Thanks!

EDIT: Changed the policy-map around so the ttl is decremented correctly via the ASA.