06-13-2013 03:13 AM - edited 03-11-2019 06:57 PM
Hi All,
I'd like to see if an ASA is blocking / dropping traffic when I try to connect to a server. I'm basically getting timeout errors every so often, and want to see if it's the ASA which is in the path of the traffic.
What's the best Debug command to run to see IP traffic in general and check if the ASA is causing issues? Can I filter the debug via IP so I can narrow it down to whatever my source IP is? New to the ASA and want to narrow my debug down as much as I can.
Thanks
06-13-2013 03:16 AM
Hi,
The easiest way to test this is when you know the source and destination IP address and ports used by the connection.
Then you can use the "packet-tracer" command on the ASA.
packet-tracer input
The
- Jouni
06-13-2013 04:10 AM
Hi,
Thanks for that. When using this command, can I leave out certain parts, e.g. source port? As this would be randomly generated, I'd imagine. Can I just use Source IP with the packet tracer command?
06-13-2013 04:45 AM
Hi,
You need to enter the information mentioned above.
You can insert any random source port you want, so it's not really an issue with using this command.
- Jouni
06-13-2013 04:51 AM
The command isn't available from CLI or ASDM. It's running in transparent mode but I'm sure there are default settings causing an issue somewhere.
It's a 551X.
06-13-2013 04:56 AM
Hi,
Yes, the command is not available when the ASA is in Transparent mode.
If I am not mistaken (I don't really use Transparent firewalls), you should still be able to do a packet capture on the ASA.
Have you monitored the ASA logs while connecting to the remote site?
Are you facing problems connecting to some local server behind the ASA or is the server on the Internet?
- Jouni
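
Added example, not part of the thread and not Cisco code: a Python filter over exported ASA syslog that keeps only denies and abnormal connection teardowns involving one IP, which is the check that monitoring the logs while connecting comes down to. The sample lines are constructed in the shape of messages 106023, 106015, 302013 and 302014, the addresses are documentation ranges, and treating every teardown reason other than "TCP FINs" as suspect is an assumption.

```python
import re

# Constructed sample lines (not from the thread), shaped like ASA syslog
# messages 302013/302014 (built/teardown) and 106023/106015 (denies).
SAMPLE_LOG = """\
Jun 13 2013 04:58:01: %ASA-6-302013: Built inbound TCP connection 4101 for outside:198.51.100.7/51514 (198.51.100.7/51514) to inside:192.0.2.10/443 (192.0.2.10/443)
Jun 13 2013 04:58:31: %ASA-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/51514 to inside:192.0.2.10/443 duration 0:00:30 bytes 0 SYN Timeout
Jun 13 2013 04:59:02: %ASA-4-106023: Deny tcp src outside:198.51.100.7/51520 dst inside:192.0.2.10/8443 by access-group "outside_in" [0x0, 0x0]
Jun 13 2013 04:59:10: %ASA-6-106015: Deny TCP (no connection) from 198.51.100.7/51514 to 192.0.2.10/443 flags RST on interface outside
Jun 13 2013 04:59:15: %ASA-4-106023: Deny udp src outside:203.0.113.9/5353 dst inside:192.0.2.10/53 by access-group "outside_in" [0x0, 0x0]
Jun 13 2013 05:00:40: %ASA-6-302014: Teardown TCP connection 4102 for outside:198.51.100.7/51533 to inside:192.0.2.10/443 duration 0:01:02 bytes 18342 TCP FINs
"""

MSG = re.compile(r"%ASA-\d-(\d{6}): (.*)")
# An IPv4 address followed by /port, with or without an "interface:" prefix.
ENDPOINT = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})/\d+")
TEARDOWN = re.compile(r"duration \S+ bytes (\d+) (.+)$")
DENY_IDS = {"106023", "106015"}
CLEAN_CLOSE = "TCP FINs"  # assumption: any other teardown reason is worth a look


def suspect_events(log_text, host):
    """Return (msg_id, summary) for denies and abnormal teardowns involving host."""
    events = []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg_id, body = m.groups()
        if host not in ENDPOINT.findall(body):
            continue  # message does not involve the address we care about
        if msg_id in DENY_IDS:
            events.append((msg_id, body))
        elif msg_id == "302014":
            t = TEARDOWN.search(body)
            if t and t.group(2) != CLEAN_CLOSE:
                events.append((msg_id, f"teardown after {t.group(1)} bytes: {t.group(2)}"))
    return events


if __name__ == "__main__":
    for msg_id, summary in suspect_events(SAMPLE_LOG, "198.51.100.7"):
        print(msg_id, summary)
```

A "SYN Timeout" teardown with 0 bytes means the ASA built the connection and never saw the handshake complete, which points past the firewall; a 106023 deny points at an access-list on the ASA itself.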