Permit Trace Route on Cisco ASA
By PC Tech Support at 2009-11-29 07:51:36
The Cisco ASA not only blocks outbound pings out of the box, as most firewalls and security appliances do, but also prevents the traceroute command from working. Traceroute is not used every day, but it is a standard tool for troubleshooting network issues. It is built into desktops, laptops, and routers and is used to find internet or internal connectivity problems. On the Cisco ASA, three entries need to be added to the access list so that the replies to inside-to-outside traffic are allowed back in.
Configure ASA to allow traceroute responses.
To allow ping and traceroute reply traffic for connections from the inside to the outside, add the following statements:
access-list pmt_out2IN extended permit icmp any any echo-reply
access-list pmt_out2IN extended permit icmp any any unreachable
access-list pmt_out2IN extended permit icmp any any time-exceeded
To allow RDP or terminal server traffic through an ASA, open TCP 3689 inbound to the server whose public NAT address is 230.198.191.25 by adding this line:
access-list pmt_out2IN extended permit tcp any host 230.44.191.25 eq 3689
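As an added example (not from the original post), a small Python checker that parses the access-list lines above, reports which traceroute flavour (Windows ICMP-based tracert, Unix UDP-based traceroute) would get its replies back through the list, and flags entries broader than the use case needs; the grammar it accepts is limited to the ACE forms shown on this page, and the sample ACL text is copied from the post.

```python
import re

# Sample input: the ACL entries from the post, embedded here for the checker.
ASA_ACL = """
access-list pmt_out2IN extended permit icmp any any echo-reply
access-list pmt_out2IN extended permit icmp any any unreachable
access-list pmt_out2IN extended permit icmp any any time-exceeded
access-list pmt_out2IN extended permit tcp any host 230.44.191.25 eq 3689
"""

# Minimal grammar covering only the 'extended' ACE forms used on the page.
ACE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+(?P<src>any|host \S+|\S+ \S+)\s+"
    r"(?P<dst>any|host \S+|\S+ \S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?(?:\s+(?P<icmp_type>[a-z-]+))?\s*$"
)

# ICMP reply types each traceroute flavour must see come back through the ASA.
TRACEROUTE_REPLIES = {
    "windows tracert (ICMP echo probes)": {"echo-reply", "time-exceeded"},
    "unix traceroute (UDP probes)": {"unreachable", "time-exceeded"},
}

def parse_acl(text):
    """Return one dict per recognised access-list line; other lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def permitted_icmp_types(entries):
    """ICMP types permitted by the list; None stands for an entry with no type (all ICMP)."""
    return {e["icmp_type"] for e in entries if e["action"] == "permit" and e["proto"] == "icmp"}

def traceroute_works(entries):
    """For each traceroute flavour, whether every reply type it relies on is permitted."""
    types = permitted_icmp_types(entries)
    return {flavour: None in types or needed <= types
            for flavour, needed in TRACEROUTE_REPLIES.items()}

def audit(entries):
    """Flag permit entries that are broader than the traceroute use case requires."""
    findings = []
    for e in entries:
        if e["action"] != "permit":
            continue
        if e["proto"] == "icmp" and e["icmp_type"] is None:
            findings.append(f"{e['name']}: icmp permitted with no type, so inbound echo-request is allowed too")
        if e["proto"] == "tcp" and e["src"] == "any" and e["port"]:
            findings.append(f"{e['name']}: tcp/{e['port']} to {e['dst']} is reachable from any source")
    return findings
```

The entries only take effect once pmt_out2IN is bound to an interface with access-group, which the post does not show.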