I think the TTL is decremented on the egress interface, so this is normal 
behavior.



-----Original Message-----
From: Mark Senteza [[email protected]]
Received: Friday, 20 May 2011, 5:00pm
To: [email protected] [[email protected]]
Subject: [OSL | CCIE_Security] Traceroute through ASA

Hi,

I've got the ASA set up such that it appears in traceroute output, which it 
does, but in an odd way, and I wanted to ask whether this is normal behavior.

My network is set up as follows.

SW-VLAN 20 (10.100.20.11) ------- (10.100.20.2) Fa0/0.20 - Router R2 - Fa0/0.2 (10.100.2.2)
    ----------- (10.100.2.20) inside - ASA - outside (10.100.1.10)
    ------------ (10.100.1.1) Fa0/0 - Router R1

When I trace from the switch (SW) to 1.1.1.1 which is a Loopback IP on Router 
R1, I get the "outside" interface of the ASA appear in the traceroute, as 
opposed to the "inside" interface which I was expecting to appear.

Switch-SW01#trace 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 10.100.20.2 0 msec 0 msec 4 msec
  2 10.100.1.10 4 msec 0 msec *
  3 10.100.1.1 0 msec 0 msec *


When I trace from Router R1, which is on the outside of the ASA to an IP on the 
switch, I get the "inside" interface of the ASA appear in the traceroute, and 
not the "outside" interface IP.

Router-R1#trace 10.100.20.11

Type escape sequence to abort.
Tracing the route to 10.100.20.11

  1 10.100.2.10 0 msec 0 msec *
  2 10.100.2.2 0 msec 0 msec 0 msec
  3 10.100.20.11 0 msec 0 msec *


Is this normal behavior?


Mark
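
For reference, the ASA settings that normally make the firewall show up as a traceroute hop, as the original post describes; by default the ASA forwards packets without decrementing the TTL and so does not appear in the path. This is an added example, not the poster's configuration, which is not shown in the thread. Assumptions: the ACL name OUTSIDE_IN is hypothetical, the rate-limit values are illustrative, and the interface name `outside` is taken from the diagram above.

```cisco
! Added example; not taken from the original thread.
!
! Decrement the TTL on packets passing through the ASA so that it
! generates ICMP time-exceeded and becomes a visible hop.
policy-map global_policy
 class class-default
  set connection decrement-ttl
!
! Raise the limit on ICMP unreachables generated by the ASA
! (values here are illustrative).
icmp unreachable rate-limit 10 burst-size 5
!
! Let the ICMP replies from hops beyond the ASA return to the
! tracing host on the inside. OUTSIDE_IN is a hypothetical name.
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-group OUTSIDE_IN in interface outside
```

Applying `set connection decrement-ttl` under `class-default` exposes the ASA as a hop to every flow that crosses it; matching a narrower class limits that visibility to the sources that need it.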


