There is no option that I am aware of.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Bruno Sent: Tuesday, November 09, 2010 4:23 PM To: Joshua Fedor (US) Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Traceroute Through an ASA Well, I don't think icmp error would do it. As per my understanding that icmp error would help to hide the real ip address of a answer from trace route command. If the ASAs have NAT configured for that real address, then they will take it off and add the NAT instead seeking not to reveal the real inside address. I don't know any way of doing traceroute without access-list though. Would like to know as well On Tue, Nov 9, 2010 at 6:49 PM, Joshua Fedor (US) <[email protected]> wrote: I believe “inspect icmp error” would do it. From: wale ogunyemi [mailto:[email protected]] Sent: Tuesday, November 09, 2010 3:35 AM To: [email protected] Subject: [OSL | CCIE_Security] Traceroute Through an ASA Can anyone give me an idea or a link of how you can enable traceroute through an ASA without using an ACCESS-LIST. Regards, Olawale Ogunyemi _____ Disclaimer: This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
