Hi all,

I am trying two solutions for getting "traceroute" across ASA to work. The first solution is working for me, but the second solution is not working. Am I missing something?

*Solution 1*

Allowing the "time-exceeded" and "unreachable" to outside interface.

    access-list mine extended permit icmpacl any any time-exceeded
    access-list mine extended permit icmpacl any any unreachable
    access-group icmpany in interface outside

*Solution 2*

I am not allowing the "time-exceeded" and "unreachable" to outside interface. Rather I am relying on inspect icmp and icmp error.

    policy-map global_policy
     class inspection_default
      inspect dns migrated_dns_map_1
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect icmp
      inspect icmp error

With regards,
Kings
