<div>
The ASA simply processes/nat's the packet, sends to its next hop. It does not decrement the ttl and send back to the traceroute host. But, really, it IS the first hop, but it is a firewall, not a router. Routers behave a certain way and so do firewalls. Routers process the icmp packet, decrement the TTL and send time-exceeded messages back to the host. The ASA just doesn't.<br />

</div>


The ASA simply processes/nat's the packet, sends to its next hop. It does not decrement the ttl and send back to the traceroute host. But, really, it IS the first hop, but it is a firewall, not a router. Routers behave a certain way and so do firewalls. Routers process the icmp packet, decrement the TTL and send time-exceeded messages back to the host. The ASA just doesn't.


<div>
Hi nobs,<br />
<br />
A point split was probably in order as lrmoore pretty much conveyed the same information. &nbsp;I can open the question back up if you agree. &nbsp;Thanks.
</div>


Hi nobs,

A point split was probably in order as lrmoore pretty much conveyed the same information.  I can open the question back up if you agree.  Thanks.

<div>
<div class="content wysiwyg-content">
When am inside the network ( 10.0.1.10) and i want to traceroute to the internet, my first hop is 196.24.5.6 our internet router. Why is it not the CISCO ASA 5505 Am confused here isnt traffic it suppose to go pass the firewall , meaning the first hop has to be ASA. Am ii missing something. Someone please help or explain. Do i need to add something on my asa.<br />
<br />
Basically i would expect my first hop to be firewall.<br />
<br />
<br />

</div>
</div>


When am inside the network ( 10.0.1.10) and i want to traceroute to the internet, my first hop is 196.24.5.6 our internet router. Why is it not the CISCO ASA 5505 Am confused here isnt traffic it suppose to go pass the firewall , meaning the first hop has to be ASA. Am ii missing something. Someone please help or explain. Do i need to add something on my asa.

Basically i would expect my first hop to be firewall.




Trace Route and Cisco asa 5505

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.