Hey Sumit, Check this out, i think when you configure NAT and when you ping the NATTed inside IP address from the outside, the traceroute command returns the IP addres of the firewall as the NATted IP addrress
ex : In my configuration i added this line #static (outside,inside) 136.1.121.2 136.1.122.100 ( i'm translating the inside host to an IP of 136.1.122.100 ) When i do a traceroute from the outside, the ASA DOES reply to the traceroute, but with an IP address of the 136.1.122.100. Remove the NAT configuration to test, and i think you'll be able to see the Firewall outside IP in the traceroute as the first Hop. Hope this helps.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
