This is a result of the fact that the ASA is not responding to all of the traceroute packets. This is due to the rate-limiting of ICMP on the ASA. you can adjust this as below. Test it and let us know
icmp unreachable rate-limit 10 burst-size 5 From: [email protected] [mailto:[email protected]] On Behalf Of waleed ' Sent: 29 August 2011 11:24 To: [email protected]; [email protected]; [email protected] Subject: Re: [OSL | CCIE_Security] ASA Traceroute I have same , why this ? any one has clarification _____ To: [email protected]; [email protected] From: [email protected] Date: Sun, 7 Aug 2011 11:01:55 -0400 Subject: Re: [OSL | CCIE_Security] ASA Traceroute That is normal. Do a traceroute without security appliance and you will see similar results Regards, Tyson Scott CCIE # 13513 (R&S, Security, SP) Managing Partner/Technical Instructor - IPexpert Inc. [email protected] ----- Reply message ----- From: "Kok Yong CHEONG" <[email protected]> Date: Sun, Aug 7, 2011 8:01 am Subject: [OSL | CCIE_Security] ASA Traceroute To: "[email protected]" <[email protected]> hi guys. need your advise. i was trying on the ASA trace route,and saw the following traceroute result, do you guys have any clue on why cause the * R2 <----> (I) ASA (O) <----> R1 R1 traceroute to R2, with ASA's config: -allow udp 33434 and above on the ASA's outside interface -set connection decrement-ttl on ASA -no ACL on ASA's inside interface R1#traceroute 10/10.4.2 Type escape sequence to abort. Tracing the route to 45.45.4.2 1 10.10.4.12 0 msec 0 msec 0 msec 2 10.10.4.2 4 msec * 0 msec R1# by the way, (10.10.4.12) is ASA inside interface IP, (10.10.4.2) is R2' interface connected to ASA, why is there an "*" on entry of 10.10.4.2 ? and not reporting any value ? what could have resulted with that ? Thanks in advance Regards KY _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
