capture test type raw-data interface inside [Capturing - 1476 bytes] match ip any 158.73.55.0 255.255.255.0 capture test1 type raw-data interface outside [Capturing - 0 bytes] match ip any 158.73.55.0 255.255.255.0 capture test2 type raw-data interface outside [Capturing - 0 bytes] match ip 158.73.55.0 255.255.255.0 any #sh capture test detail 18 packets captured 1: 13:17:51.433922 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53119 > 158.73.55.58.443: SWE [tcp sum ok] 3603861732:3603861732(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 22903) 2: 13:17:51.434090 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53118 > 158.73.55.58.443: SWE [tcp sum ok] 2036587598:2036587598(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 22904) 3: 13:17:52.440040 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53119 > 158.73.55.58.443: SWE [tcp sum ok] 3603861732:3603861732(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 22905) 4: 13:17:52.440101 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53118 > 158.73.55.58.443: SWE [tcp sum ok] 2036587598:2036587598(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 22906) 5: 13:17:54.440101 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53119 > 158.73.55.58.443: S [tcp sum ok] 3603861732:3603861732(0) win 65535 (DF) (ttl 127, id 22907) 6: 13:17:54.440178 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53118 > 158.73.55.58.443: S [tcp sum ok] 2036587598:2036587598(0) win 65535 (DF) (ttl 127, id 22908) 7: 13:17:58.440590 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53123 > 158.73.55.57.443: SWE [tcp sum ok] 478299949:478299949(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 30315) 8: 13:17:58.440757 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53122 > 158.73.55.57.443: SWE [tcp sum ok] 1757893715:1757893715(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 30316) 9: 13:17:59.455893 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53122 > 158.73.55.57.443: SWE [tcp sum ok] 1757893715:1757893715(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 30317) 10: 13:17:59.455939 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53123 > 158.73.55.57.443: SWE [tcp sum ok] 478299949:478299949(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 30318) 11: 13:18:01.471441 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53122 > 158.73.55.57.443: S [tcp sum ok] 1757893715:1757893715(0) win 65535 (DF) (ttl 127, id 30319) 12: 13:18:01.471472 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53123 > 158.73.55.57.443: S [tcp sum ok] 478299949:478299949(0) win 65535 (DF) (ttl 127, id 30320) 13: 13:18:05.471777 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53126 > 158.73.55.56.443: SWE [tcp sum ok] 1891572340:1891572340(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 34980) 14: 13:18:05.471929 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53127 > 158.73.55.56.443: SWE [tcp sum ok] 4052734664:4052734664(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 34979) 15: 13:18:06.471563 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53127 > 158.73.55.56.443: SWE [tcp sum ok] 4052734664:4052734664(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 34981) 16: 13:18:06.487157 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53126 > 158.73.55.56.443: SWE [tcp sum ok] 1891572340:1891572340(0) win 65535 (DF) [tos 0x2,ECT] (ttl 127, id 34982) 17: 13:18:08.471456 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53127 > 158.73.55.56.443: S [tcp sum ok] 4052734664:4052734664(0) win 65535 (DF) (ttl 127, id 34983) 18: 13:18:08.487126 2c57.416c.66bf f4db.e690.a99d 0x0800 Length: 66 10.10.21.10.53126 > 158.73.55.56.443: S [tcp sum ok] 1891572340:1891572340(0) win 65535 (DF) (ttl 127, id 34984) 18 packets shown # packet-tracer input outside tcp 10.10.21.10 10000 158.73$ Phase: 1 Type: CAPTURE Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7f8171282620, priority=13, domain=capture, deny=false hits=480453415, user_data=0x7f81945eb970, cs_id=0x0, l3_type=0x0 src mac=0000.0000.0000, mask=0000.0000.0000 dst mac=0000.0000.0000, mask=0000.0000.0000 input_ifc=outside, output_ifc=any Phase: 2 Type: ACCESS-LIST Subtype: Result: ALLOW Config: Implicit Rule Additional Information: Forward Flow based lookup yields rule: in id=0x7f819364d570, priority=1, domain=permit, deny=false hits=2132427615, user_data=0x0, cs_id=0x0, l3_type=0x8 src mac=0000.0000.0000, mask=0000.0000.0000 dst mac=0000.0000.0000, mask=0100.0000.0000 input_ifc=outside, output_ifc=any Phase: 3 Type: ROUTE-LOOKUP Subtype: Resolve Egress Interface Result: ALLOW Config: Additional Information: found next-hop 66.57.94.154 using egress ifc outside Phase: 4 Type: ACCESS-LIST Subtype: log Result: ALLOW Config: access-group outside-in in interface outside access-list outside-in extended permit tcp object-group Local-Culpepper-Lan any object-group allow_internet_tcp object-group network Local-Culpepper-Lan description: All Culpepper LAN IP Space network-object 10.10.0.0 255.255.224.0 object-group service allow_internet_tcp tcp description: allow tcp ports for internet access port-object eq www port-object eq https port-object eq domain Additional Information: Forward Flow based lookup yields rule: in id=0x7f8178014270, priority=13, domain=permit, deny=false hits=3, user_data=0x7f818701d180, cs_id=0x0, use_real_addr, flags=0x0, protocol=6 src ip/id=10.10.0.0, mask=255.255.224.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=443, tag=any, dscp=0x0 input_ifc=outside, output_ifc=any Phase: 5 Type: NAT Subtype: Result: ALLOW Config: object network obj_any nat (any,outside) dynamic interface Additional Information: Dynamic translate 10.10.21.10/10000 to 149.97.176.74/10000 Forward Flow based lookup yields rule: in id=0x7f81944f1820, priority=6, domain=nat, deny=false hits=4539194, user_data=0x7f8193388de0, cs_id=0x0, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=outside Phase: 6 Type: NAT Subtype: per-session Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7f819292a9e0, priority=0, domain=nat-per-session, deny=false hits=2740702, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=any, output_ifc=any Phase: 7 Type: IP-OPTIONS Subtype: Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7f8193655a30, priority=0, domain=inspect-ip-options, deny=true hits=3829181, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=outside, output_ifc=any Phase: 8 Type: VPN Subtype: ipsec-tunnel-flow Result: ALLOW Config: Additional Information: Forward Flow based lookup yields rule: in id=0x7f819400ace0, priority=13, domain=ipsec-tunnel-flow, deny=true hits=1376962, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=outside, output_ifc=any Phase: 9 Type: NAT Subtype: rpf-check Result: DROP Config: object network obj_any nat (any,outside) dynamic interface Additional Information: Forward Flow based lookup yields rule: out id=0x7f819331f9d0, priority=6, domain=nat-reverse, deny=false hits=195649, user_data=0x7f8193388de0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0 src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0 input_ifc=outside, output_ifc=any Result: input-interface: outside input-status: up input-line-status: up output-interface: outside output-status: up output-line-status: up Action: drop Drop-reason: (acl-drop) Flow is denied by configured rule