How to Allow Tracert on an ASA 5510

Written by chris hoffman Google
  • Share
  • Tweet
  • Share
  • Email

Traceroute, also known as the "Tracert" command on Windows, is a network diagnostic utility. When a packet of information is sent over a network, it doesn't go directly to its intended destination. The packet is sent to the first router between the source and the destination, which passes the packet to the next router along the path. Traceroute sends information about each router the packet traverses, including its address and speed. If network traffic can't reach its destination or is slow, traceroute can show the exact router along the path where the problem is occuring. The Cisco ASA 5510 adaptive security appliance blocks traceroute traffic by default.

Skill level:

Other People Are Reading


  1. 1

    Install the Telnet client on your computer if it isn't already installed. Click "Start," click "Control Panel," click "Programs" in the Control Panel window, click "Turn Windows Features On or Off," click the checkbox to the left of "Telnet Client" in the list of features and click "OK."

  2. 2

    Open the command prompt by clicking "Start," "All Programs," "Accessories" and "Command Prompt."

  3. 3

    Type "Telnet [IP Address]," replacing "[IP Address]" with the IP address of the Cisco ASA 5510, and press "Enter."

  4. 4

    Type "enable" at the Cisco ASA prompt and press "Enter."

  5. 5

    Type the password for the Cisco ASA at the password prompt and press "Enter."

  6. 6

    Enter configuration mode by typing "config t" in the Cisco ASA terminal and pressing "Enter."

  7. 7

    Type the following commands in the Cisco ASA terminal in order, pressing "Enter" after each line:

    class-map class-default

    match any

    policy-map global_policy

    class class-default

    set connection decrement-ttl



    service-policy global_policy global

    icmp unreachable rate-limit 10 burst-size 5

    access-list outside-in-acl remark Allow ICMP Type 11 for Windows tracert

    access-list outside-in-acl extended permit icmp any time-exceeded

    access-group outside-in-acl in interface outside

  8. 8

    Close the Command Prompt window.

Don't Miss

  • All types
  • Articles
  • Slideshows
  • Videos
  • Most relevant
  • Most popular
  • Most recent

No articles available

No slideshows available

No videos available

By using the site, you consent to the use of cookies. For more information, please see our Cookie policy.