Re: OT: Masking of Traceroute through ASA

Hi,

Permit icmp unreachable and time-exceeded in from the outside interface.

Regards

________________________________
From: olumayokun fowowe <olumayokun_at_gmail.com>
To: Cisco certification <ccielab_at_groupstudy.com>
Sent: Tue, April 13, 2010 9:21:11 AM
Subject: OT: Masking of Traceroute through ASA

Hello all,

I need a clarification and I will be glad if anybody can help me out. I am
trying to do a trace to www.google.com from within my LAN. I have an ASA
firewall between just after my border router. Below is the output of the
tracert to google. All the hops in between google and my firewall was
masked. What ASA feature causes this, and how can I disable it if I need to?

Tracing route to www.l.google.com [209.85.135.104]
over a maximum of 30 hops:

  1 10 ms 1 ms <1 ms X.Y.Z.2
  2 * * * Request timed out.
  3 * * * Request timed out.
  4 * * * Request timed out.
  5 * * * Request timed out.
  6 * * * Request timed out.
  7 * * * Request timed out.
  8 * * * Request timed out.
  9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 144 ms 216 ms 138 ms mu-in-f104.1e100.net [209.85.135.104]

Thank you.

-- 
Olumayokun Fowowe
Blogs and organic groups at http://www.ccie.net