The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка  RSS
"проблема traceroute asa 5505"
Вариант для распечатки  
Пред. тема | След. тема 
Форумы Маршрутизаторы CISCO и др. оборудование. (Public)
Изначальное сообщение [ Отслеживать ]

"проблема traceroute asa 5505"  
Сообщение от f1 (ok) on 30-Июн-08, 22:35 
не проходит трассировка с клиентской машины , пинг идёт нормально


ASA Version 7.2(3)
!
hostname gateway
domain-name kar
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.9 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group kar
ip address pppoe setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 7S8ePYKfPDzMXKcC encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name kar
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 10 burst-size 5
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 217.116.129.26 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.6.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.6.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group kar request dialout pppoe
vpdn group kar localname *************
vpdn group kar ppp authentication chap
vpdn username ************** password *********

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect ftp
  inspect icmp
  inspect icmp error
  inspect h323 h225
class class-default
  set connection decrement-ttl
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:97fd1b0d48fbc0581aa617e0c29c2921
: end


C:\Documents and Settings\F1>tracert -d mail.ru

Трассировка маршрута к mail.ru [194.67.57.26]
с максимальным числом прыжков 30:

  1     *        *        *     Превышен интервал ожидания для запроса.
  2     *        *        *     Превышен интервал ожидания для запроса.
  3     *        *        *     Превышен интервал ожидания для запроса.
  4     *        *        *     Превышен интервал ожидания для запроса.
  5     *        *        *     Превышен интервал ожидания для запроса.
  6     *        *        *     Превышен интервал ожидания для запроса.
  7     *        *        *     Превышен интервал ожидания для запроса.
  8     *        *        *     Превышен интервал ожидания для запроса.
  9     *        *        *     Превышен интервал ожидания для запроса.
10    74 ms    75 ms    75 ms  194.67.57.26

Трассировка завершена.
gateway(config)# debug icmp trace
debug icmp trace enabled at level 1
gateway(config)# ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=44032 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=44288 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=44544 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=44800 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=45056 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=45312 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=45568 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=45824 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=46080 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=46336 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=46592 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=46848 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=47104 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=47360 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=47616 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=47872 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=48128 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=48384 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=48640 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=48896 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=49152 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=49408 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=49664 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=49920 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=50176 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=50432 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=50688 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=50944 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo reply from outside:194.67.57.26 to inside:90.188.216.155 ID=1 seq=50944 len=64
ICMP echo reply untranslating outside:90.188.216.155/1 to inside:192.168.6.33/768
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=51200 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo reply from outside:194.67.57.26 to inside:90.188.216.155 ID=1 seq=51200 len=64
ICMP echo reply untranslating outside:90.188.216.155/1 to inside:192.168.6.33/768
ICMP echo request from inside:192.168.6.33 to outside:194.67.57.26 ID=768 seq=51456 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.216.155/1
ICMP echo reply from outside:194.67.57.26 to inside:90.188.216.155 ID=1 seq=51456 len=64
ICMP echo reply untranslating outside:90.188.216.155/1 to inside:192.168.6.33/768

Высказать мнение | Ответить | Правка | Cообщить модератору

 Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "проблема traceroute asa 5505"  
Сообщение от SergTel email(ok) on 01-Июл-08, 06:01 
>[оверквотинг удален]
>!
>policy-map global_policy
> class inspection_default
>  inspect ftp
>  inspect icmp
>  inspect icmp error
>  inspect h323 h225
> class class-default
>  set connection decrement-ttl
>!

Убери временно inspect icmp
и попробуй еще раз

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "проблема traceroute asa 5505"  
Сообщение от f1 (??) on 01-Июл-08, 17:57 
>[оверквотинг удален]
>>  inspect ftp
>>  inspect icmp
>>  inspect icmp error
>>  inspect h323 h225
>> class class-default
>>  set connection decrement-ttl
>>!
>
>Убери временно inspect icmp
>и попробуй еще раз

без inspect icmp перестаёт работать ping

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

3. "проблема traceroute asa 5505"  
Сообщение от ilya (ok) on 02-Июл-08, 09:51 
>[оверквотинг удален]
>>>  inspect icmp error
>>>  inspect h323 h225
>>> class class-default
>>>  set connection decrement-ttl
>>>!
>>
>>Убери временно inspect icmp
>>и попробуй еще раз
>
>без inspect icmp перестаёт работать ping

а если включить просто лог - никаких отбоев в логе нет?
т.е. logg mon 7
term mon
и посмотреть что пишется в консольку когда запускаете трейсроут.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

4. "проблема traceroute asa 5505"  
Сообщение от f1 (??) on 03-Июл-08, 03:42 
>[оверквотинг удален]
>>>
>>>Убери временно inspect icmp
>>>и попробуй еще раз
>>
>>без inspect icmp перестаёт работать ping
>
>а если включить просто лог - никаких отбоев в логе нет?
>т.е. logg mon 7
>term mon
>и посмотреть что пишется в консольку когда запускаете трейсроут.

вот кусочек с ошибками

ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:213.228.117.178
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 213.228.117.178/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 213.228.117.178/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:213.228.117.178 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
ICMP echo request from inside:192.168.6.33 to outside:213.180.204.8 ID=768 seq=11521 len=64
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:213.228.117.178
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 213.228.117.178/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 213.228.117.178/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:213.228.117.178 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
ICMP echo request from inside:192.168.6.33 to outside:213.180.204.8 ID=768 seq=11777 len=64
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:213.228.117.178
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 213.228.117.178/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 213.228.117.178/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:213.228.117.178 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
ICMP echo request from inside:192.168.6.33 to outside:213.180.204.8 ID=768 seq=12033 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:217.70.107.217
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 217.70.107.217/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 217.70.107.217/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:217.70.107.217 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
ICMP echo request from inside:192.168.6.33 to outside:213.180.204.8 ID=768 seq=12289 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:217.70.107.217
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 217.70.107.217/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 217.70.107.217/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:217.70.107.217 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
ICMP echo request from inside:192.168.6.33 to outside:213.180.204.8 ID=768 seq=12545 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:217.70.107.217
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 217.70.107.217/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 217.70.107.217/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:217.70.107.217 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
ICMP echo request from inside:192.168.6.33 to outside:213.180.204.8 ID=768 seq=12801 len=64
ICMP echo request translating inside:192.168.6.33/768 to outside:90.188.195.122/2
%ASA-7-609001: Built local-host outside:213.180.208.5
%ASA-7-609001: Built local-host NP Identity Ifc:90.188.195.122
%ASA-6-302020: Built inbound ICMP connection for faddr 213.180.208.5/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.208.5/0 gaddr 90.188.195.122/0 laddr 90.188.195.122/0
%ASA-7-609002: Teardown local-host outside:213.180.208.5 duration 0:00:00
%ASA-7-609002: Teardown local-host NP Identity Ifc:90.188.195.122 duration 0:00:00
%ASA-6-302021: Teardown ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768
%ASA-7-609002: Teardown local-host outside:213.180.204.8 duration 0:00:02
%ASA-7-609001: Built local-host outside:213.180.204.8
%ASA-6-302020: Built outbound ICMP connection for faddr 213.180.204.8/0 gaddr 90.188.195.122/2 laddr 192.168.6.33/768

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

5. "проблема traceroute asa 5505"  
Сообщение от f1 (??) on 12-Июл-08, 17:47 
>>[оверквотинг удален]

Может версию перезалить на 8 ? у многих проблема с трассировкой через asa этой прошивки c использованием pppoe ...

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

6. "проблема traceroute asa 5505"  
Сообщение от f1 (??) on 13-Июл-08, 17:40 
>>>[оверквотинг удален]

усли сделать вот так ?
gateway(config)#  static (inside,outside) interface 192.168.6.22 netmask 255.255.255.255
access-list outin extended permit icmp any any time-exceeded
access-group outin in interface outside
тогда трассировка работает ,
но на команду static (inside,outside) interface 192.168.6.22 netmask 255.255.255.255 пишет
WARNING: static redireting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

7. "проблема traceroute asa 5505"  
Сообщение от a126 on 25-Июл-08, 16:18 
Уберите все static с внешнего иф-са на внутренний ip. Точнее tcp static можно оставить, ip убрать. Все ответы идут по адресу 192.168.6.22
Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру