Acheter ou Renouveler
Acheter ou Renouveler
annuler
Activer les suggestions
La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
Nouveau sujet
463
Visites
1
Compliment
8
Réponses

Cisco ASA FW (capture command) is not detecting existing UDP messages

Accéder à la solution
Joerg.Teske
Level 1
Level 1

le ‎03-01-2024 10:27 AM

I have a question related to the interface of a Cisco router.

I have two cases of UDP flows arriving at a Cisco port (I can see them e.g. by connecting the ethernet cable to Wireshark on a windows PC).

The first case behaves as expected (with a capture command I see the UDP packages from 10.61.7.1 to 10.61.7.2case-ok.jpg

 

 

 

In the second case (source is not in the local LAN) I do not see the UDP packackes on the Cisco port (with a capture command I do NOT see any the UDP packages from 10.61.7.1 to  10.61.50.2

case-nok.jpg

As written above, with Wireshark you can see that the UDP packages are visible on this interface. 

Except to find a way to change the source address (has not intended impact) I do not see how I can change the definition of the interface:

interface GigabitEthernet1/1
  description interface
  nameif ifName
  security-level 10
  ip address 10.61.50.3 255.255.255.0
!

Étiquettes :
0 Compliments
1 SOLUTION APPROUVÉE

Solutions approuvées

Accéder à la solution
Joerg.Teske
Level 1
Level 1
En réponse à MHM Cisco World

le ‎05-01-2024 02:10 AM

Thank you for the notes.

Finally I found the problem.

Due to a very big arp timeout (14400) and first connection of the equipment I did not see that the MAC was still not known.

Over night the problem was disappeared. Sorry for this fault (both cases are now working as expected).

Voir la solution dans l'envoi d'origine

0 Compliments
8 RÉPONSES 8

Accéder à la solution
MHM Cisco World
VIP
VIP

le ‎03-01-2024 10:45 AM

Let check first case' how traffic between two host in same subnet hit FW interface?

What FW mode you run

MHM

0 Compliments

Accéder à la solution
Joerg.Teske
Level 1
Level 1
En réponse à MHM Cisco World

le ‎04-01-2024 01:24 AM

Sorry, for sure:
Cisco Firewall ASA 5508 K9 (asa984-43-lfbff-k8.SPA )

Best regards

Jörg
0 Compliments

Accéder à la solution
MHM Cisco World
VIP
VIP
En réponse à Joerg.Teske

le ‎04-01-2024 01:27 AM

friend I ask about the mode of operation 
router or transparent 
the traffic between two host in same subnet not need to pass via GW (in this case it FW)
MHM

0 Compliments

Accéder à la solution
Joerg.Teske
Level 1
Level 1
En réponse à MHM Cisco World

le ‎04-01-2024 04:27 AM

For test the two elements are directly connected (Ethernet cable - no routing):

[cid:image004.png@01DA3F10.77093650]


0 Compliments

Accéder à la solution
Joerg.Teske
Level 1
Level 1

le ‎04-01-2024 04:31 AM

Updated figures:

cases-updated.jpg

0 Compliments

Accéder à la solution
MHM Cisco World
VIP
VIP
En réponse à Joerg.Teske

le ‎04-01-2024 06:26 AM

check below notes 
why ASA see traffic forward to other host not it interface ?

cases-updated.jpg

0 Compliments

Accéder à la solution
Joerg.Teske
Level 1
Level 1
En réponse à MHM Cisco World

le ‎05-01-2024 02:10 AM

Thank you for the notes.

Finally I found the problem.

Due to a very big arp timeout (14400) and first connection of the equipment I did not see that the MAC was still not known.

Over night the problem was disappeared. Sorry for this fault (both cases are now working as expected).

0 Compliments

Accéder à la solution
MHM Cisco World
VIP
VIP
En réponse à Joerg.Teske

le ‎05-01-2024 02:13 AM

dont worry friend 
Glad issue is solved 
have a nice day 
MHM

Liens rapides

Parcourez les liens directs de la Communauté et profitez de contenus personnalisés en français

Partager un document Rédiger un blog Vidéos R&S
Customers Also Viewed These Support Documents