After removing the nat command and the global command (not the static), I get
the inside IP of the firewall as the 1st hop...
R2#traceroute 11.11.11.11
Type escape sequence to abort.
Tracing the route to 11.11.11.11
1 10.22.22.10 0 msec * 0 msec
2 192.1.22.1 0 msec * 0 msec
R2#
Date: Tue, 11 May 2010 18:26:14 +0530
Subject: Re: [OSL | CCIE_Security] ASA to show as Traceroute Hop
From: [email protected]
To: [email protected]
CC: [email protected]
Hey Sumit,
Check this out. I think when you configure NAT and when you ping the NATted
inside IP address from the outside, the traceroute command returns the IP
address of the firewall as the NATted IP address.
Ex: In my configuration I added this line
#static (outside,inside) 136.1.121.2 136.1.122.100 (I'm translating the inside
host to an IP of 136.1.122.100)
When I do a traceroute from the outside, the ASA DOES reply to the traceroute,
but with an IP address of 136.1.122.100.
Remove the NAT configuration to test, and I think you'll be able to see the
firewall outside IP in the traceroute as the first hop.
Hope this helps.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com