Cisco ASA Traceroute

Allow Tracert through the ASA

Allow ICMP/Time-Exceeded and Time/Unrechable from outside


access-list OUTSIDE_access_in extended permit icmp any any time-exceeded
access-list OUTSIDE_access_in extended permit icmp any any unreachable

Make ASA visable in traceroute

policy-map global_policy
  class class-default
    set connection decrement-ttl
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *