Monday, December 6, 2010

ASA's address in traceroute

Have you wondered how you'd go about making the firewall show up in a traceroute command?
R1#trace 172.30.3.53
Type escape sequence to abort.Tracing the route to 172.30.3.53
1 fa-0-1-r5 (10.4.1.1) 4 msec * 0 msec 2 * fa-0-0-r5 (10.7.1.2) 4 msec * 3 10.25.4.1 0 msec * 0 msec 4 * 150.10.1.254 0 msec * 5 172.30.3.53 0 msec * 0 msec
On the ASA or PIx:
policy-map global_policy
class class-default set connection decrement-ttl
After modifying "global_policy" on the ASA or PIX:
R1#trace 172.30.3.53
Type escape sequence to abort.Tracing the route to 172.30.3.53
1 fa-0-1-r5 (10.4.1.1) 0 msec * 0 msec 2 * fa-0-0-r5 (10.7.1.2) 0 msec * 3 10.25.4.1 0 msec * 0 msec 4 * * 150.10.1.1 0 msec 5 * 150.10.1.254 0 msec * 6 172.30.3.53 0 msec * 0 msec

No comments:

Post a Comment