By default the ASA is transparent to a traceroute due to the fact that it does not decrement the TTL. In Vol 2, Lab 11 section 1.3-4 it specifies that inside hosts should be able to "successfully" traceroute to devices on the drawing. What are the thoughts on using the method below to make the ASA visible? In my opinion, it is a gray area, but a successful traceroute should show the layer 3 devices.
policy-map global_policy class class-default set connection decrement-ttl
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
