[c-nsp] traceroute from ASA with source IP from inside interface
"Rolf Hanßen"
nsp at rhanssen.de
Wed Mar 16 06:58:17 EDT 2016
Hi,
I am new to ASA and wondering about the traceroute (and ping) behaviour.
I wanted to trace/ping with the IP address of the internal interface, but
anything I try results in stars:

ASA# traceroute 8.8.8.8 source inside
Type escape sequence to abort.
Tracing the route to 8.8.8.8
 1 * * *
 2 * * *

Tracing without setting a source (or "source outside") works fine.
I created a rule for the internal interface towards dst any service ip.
There is also a rule on the outside interface to allow icmp.
I replaced "inside" with the IP.
Traceroutes from servers attached to the inside interface work fine.
There is no control plane policy set.
Is this a bug or some strange "security feature"?
Is there another part that maybe filters such traffic?
In the management access section I see only https/asdm/ssh/telnet.
Maybe somebody can explain.
Kind regards
Rolf