0 Replies Latest reply: Mar 18, 2019 7:15 AM by William

    ASA using AnyConnect: traceroute hops not displayed

    William

      Background: the ASA has approx. 400 DAP policies, and I am trying to get traceroute to work correctly for one group. They are connecting using AnyConnect 4.3.0.5017.

      access-list Business_Connexion extended permit object-group DM_INLINE_SERVICE_9 any4 object-group DM_INLINE_NETWORK_118 log
      access-list Business_Connexion extended permit object-group DM_INLINE_SERVICE_113 any4 object-group DM_INLINE_NETWORK_145 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.9 eq 50813 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.9 eq 50812 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.9 eq 50808 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.9 eq 50805 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.9 eq 50804 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.9 eq 50802 log
      access-list Business_Connexion extended permit udp any4 host 172.25.204.9 eq 50794 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.8 eq 50813 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.8 eq 50812 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.8 eq 50808 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.8 eq 50805 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.8 eq 50804 log
      access-list Business_Connexion extended permit tcp any4 host 172.25.204.8 eq 50802 log
      access-list Business_Connexion extended permit udp any4 host 172.25.204.8 eq 50794 log
      access-list Business_Connexion extended permit tcp any4 object-group DM_INLINE_NETWORK_278 eq www log
      access-list Business_Connexion remark ACD 1023140603 V0 SB 10/24/14
      access-list Business_Connexion extended permit object-group DM_INLINE_SERVICE_199 any4 object-group DM_INLINE_NETWORK_277 log
      access-list Business_Connexion remark 1012160158 v0 MD 10/13/2016
      access-list Business_Connexion extended permit object-group DM_INLINE_SERVICE_327 any4 object 160.122.16.7 log
      access-list Business_Connexion remark 1012160218 v0 MD 10/13/2016
      access-list Business_Connexion extended permit object tcp_3389 any4 object-group DM_INLINE_NETWORK_455 log
      access-list Business_Connexion remark 0921181445 v0 ps 9/24/2018
      access-list Business_Connexion extended permit object-group DM_INLINE_SERVICE_544 any host 172.25.224.17 log
      access-list Business_Connexion remark 0305190027 V0 NB 3/7/19
      access-list Business_Connexion remark 0305190027 V0 NB 3/7/19
      access-list Business_Connexion extended permit object-group DM_INLINE_SERVICE_610 any4 object-group DM_INLINE_NETWORK_898 log
      access-list Business_Connexion extended permit ip any any inactive

      object-group service DM_INLINE_SERVICE_610
      service-object icmp traceroute
      service-object object tcp_53
      service-object object Echo_Request
      service-object icmp echo-reply
      service-object icmp
      service-object icmp time-exceeded
      service-object icmp unreachable

      object-group network DM_INLINE_NETWORK_898
      network-object 160.122.0.0 255.255.0.0
      network-object 172.22.72.0 255.255.248.0
      network-object 172.22.80.0 255.255.248.0
      network-object 172.25.204.0 255.255.255.0
      network-object 172.20.0.0 255.255.0.0
      network-object 172.22.82.0 255.255.255.0
      network-object 172.25.205.0 255.255.255.0
      network-object 172.25.207.0 255.255.255.0
      network-object 172.25.240.0 255.255.255.0