ttl is not decremented by default. On 2011-05-20, at 6:40 PM, Nick Montante wrote:
> I think the TTL is decremented on the egress interface, so this is normal > behavior. > > > Sent from my Android phone using TouchDown (www.nitrodesk.com) > > -----Original Message----- > From: Mark Senteza [[email protected]] > Received: Friday, 20 May 2011, 5:00pm > To: [email protected] [[email protected]] > Subject: [OSL | CCIE_Security] Traceroute through ASA > > Hi, > > I've got the ASA set up such that it appears in traceroute output, which it > does, but in an odd way which I wanted to ask if it was normal behavior. > > My network is setup as follows. > > SW-VLAN 20 (10.100.20.11) ------- (10.100.20.2) Fa0/0.20 - Router R2 - > Fa0/0.2 (10.100.2.2) -----------(10.100.2.20) inside - ASA - outside > (10.100.1.10) ------------ (10.100.1.1) Fa0/0 - Router R1 > > When I trace from the switch (SW) to 1.1.1.1 which is a Loopback IP on Router > R1, I get the "outside" interface of the ASA appear in the traceroute, as > opposed to the "inside" interface which I was expecting to appear. > > Switch-SW01#trace 1.1.1.1 > > Type escape sequence to abort. > Tracing the route to 1.1.1.1 > > 1 10.100.20.2 0 msec 0 msec 4 msec > 2 10.100.1.10 4 msec 0 msec * > 3 10.100.1.1 0 msec 0 msec * > > > When I trace from Router R1, which is on the outside of the ASA to an IP on > the switch, I get the "inside" interface of the ASA appear in the traceroute, > and not the "outside" interface IP. > > Router-R1#trace 10.100.20.11 > > Type escape sequence to abort. > Tracing the route to 10.100.20.11 > > 1 10.100.2.10 0 msec 0 msec * > 2 10.100.2.2 0 msec 0 msec 0 msec > 3 10.100.20.11 0 msec 0 msec * > > > Is this normal behavior ? > > > Mark > > This communication is the property of ClarkDietrich Building Systems LLC and > may > contain confidential or privileged information. Unauthorized use of this > communication is strictly prohibited and may be unlawful. If you have received > this communication in error, please immediately notify the sender by reply and > destroy all copies of the communication and any attachments. > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
