3 Replies Latest reply: Aug 29, 2014 9:49 AM by Gary RSS

    allow the ASA show in traceroutes hops

    Gods Son

      To allow the ASA show in traceroutes hops you do the following

       

       

      icmp unreachable rate-limit 10 burst-size 5

      # Adjust ICMP unreachable replies:

      # The default is rate-limit 1 burst-size 1.

      # The default will result in timeouts for the ASA hop:

       

       

      policy-map global_policy

      class class-default

      set connection decrement-ttl

      # Decrement the IP TTL field for packets traversing the firewall.

      # By default, the TTL is not decremented, hiding (somewhat) the firewall.

       

       

      I kind of understand how this works (the fix) but would be nice if someone can explain better why this resolves it, maybe with an example.