| Hi Paul, What about the option to enable the traceroute option on the icmp protocol inspection? E.g. icmp permit any traceroute inside (or outside) Kind regards Pieter-Jan On 7 sep 2009, at 19:49, Paul Stewart wrote: By default the ASA is transparent to a traceroute due to the fact that it does not decrement the TTL. In Vol 2, Lab 11 section 1.3-4 it specifies that inside hosts should be able to "successfully" traceroute to devices on the drawing. What are the thoughts on using the method below to make the ASA visible? In my opinion, it is a gray area, but a successful traceroute should show the layer 3 devices. --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: [email protected]  Think before you print. |
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
