Question : Trace Route and Cisco asa 5505

When am inside the network ( 10.0.1.10) and i want to traceroute to the internet, my first hop is 196.24.5.6 our internet router. Why is it not the CISCO ASA 5505 Am confused here isnt traffic it suppose to go pass the firewall , meaning the first hop has to be ASA. Am ii missing something. Someone please help or explain. Do i need to add something on my asa.

Basically i would expect my first hop to be firewall.


Answer : Trace Route and Cisco asa 5505

This is normal behavior.  The ASA is a security appliance and therefore "stealths" itself.  It does not decrement the TTL therefore doesn't appear in the traceroute.  You can have it appear in the traceroute by using the following if desired.

ciscoasa(config)#policy-map global_policy
ciscoasa(config-pmap)#class class-default
ciscoasa(config-pmap-c)#set connection decrement-ttl
Random Solutions  
 
programming4us programming4us