Traceroute and Cisco ASA’s

I had a strange error on a new ASA where doing tracert to a host returned the correct number of hops, but always displayed the destination host at each hop. Adding inspect icmp error fixed it right up.

policy-map global_policy
 class inspection_default
  inspect icmp error

via Issue with Traceroute with Cisco ASA’s | Firewalling | Cisco Support Community | 5966 | 12628436.

Advertisements