Re: [OSL | CCIE_Security] ASA Traceroute

[neo]

This is a result of the fact that the ASA is not responding to all of the
traceroute packets.  This is due to the rate-limiting of ICMP on the ASA.
you can adjust this as below. Test it and let us know

icmp unreachable rate-limit 10 burst-size 5

 

 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of waleed '
Sent: 29 August 2011 11:24
To: tsc...@ipexpert.com; cheon...@gmail.com;
ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] ASA Traceroute

 

I have same , why this ? any one has clarification

  _____  

To: cheon...@gmail.com; ccie_security@onlinestudylist.com
From: tsc...@ipexpert.com
Date: Sun, 7 Aug 2011 11:01:55 -0400
Subject: Re: [OSL | CCIE_Security] ASA Traceroute

That is normal.  Do a traceroute without security appliance and you will see
similar results

Regards,

Tyson Scott
CCIE # 13513 (R&S, Security, SP)
Managing Partner/Technical Instructor - IPexpert Inc.
tsc...@ipexpert.com


----- Reply message -----
From: "Kok Yong CHEONG" <cheon...@gmail.com>
Date: Sun, Aug 7, 2011 8:01 am
Subject: [OSL | CCIE_Security] ASA Traceroute
To: "ccie_security@onlinestudylist.com" <ccie_security@onlinestudylist.com>

hi guys. need your advise.

i was trying on the ASA trace route,and saw the following traceroute result,
do you guys have any clue on why cause the *

R2 <----> (I) ASA (O) <----> R1

R1 traceroute to R2, with ASA's config:

-allow udp 33434 and above on the ASA's outside interface
-set connection decrement-ttl on ASA
-no ACL on ASA's inside interface

R1#traceroute 10/10.4.2

Type escape sequence to abort.
Tracing the route to 45.45.4.2

 1 10.10.4.12   0 msec   0 msec 0 msec
 2 10.10.4.2    4 msec    *          0 msec
R1#

by the way, (10.10.4.12) is ASA inside interface IP, (10.10.4.2) is R2'
interface connected to ASA, why is there an "*" on entry of 10.10.4.2 ? and
not reporting any value ? what could have resulted with that ?

Thanks in advance

Regards
KY



_______________________________________________ For more information
regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com