Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1011
Views
5
Helpful
2
Replies

ASA 5500X with FirePOWER Services Packet Tracer/Troubleshooting/Captur

Go to solution
servio.lara
Level 1
Level 1

‎09-06-2021 01:45 PM

Hello, I´m working on an ASA 5545X with FirePOWER Services for the first time.

 

I´m trying to catching up on the troubleshooting approach about what activities you do at the ASA, Firepower module, and the FMC levels.

 

For example, I was used to do the Packet tracer in the FMC for Firepower or ASDM for ASA.

 

I understand that for the ASA with FirePOWER Services, you have to use the ASA (CLI/ASDM) for packet tracer and capture.

 

My question is:

 

Is there any tool available at the module or FMC. Where can I see the packet process through the Firepower Services?

Best regards.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎09-06-2021 11:56 PM

Hi @servio.lara,

On ASA w/ Firepower you can use combined approach. As you already realised, you'll have to go to ASA to do initial debugging, to understand if your FW is permitting traffic on L3/L4 level, by using packet capture or packet-tracer.

Once you see that your packet was forwarded to Firepower module, you have to continue troubleshooting on Firepower module, which is more-less same as on FTD. From there, you could use 'system support trace' command, to see what is happening for specific traffic.

BR,

Milos

View solution in original post

2 Replies 2

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎09-06-2021 11:56 PM

Hi @servio.lara,

On ASA w/ Firepower you can use combined approach. As you already realised, you'll have to go to ASA to do initial debugging, to understand if your FW is permitting traffic on L3/L4 level, by using packet capture or packet-tracer.

Once you see that your packet was forwarded to Firepower module, you have to continue troubleshooting on Firepower module, which is more-less same as on FTD. From there, you could use 'system support trace' command, to see what is happening for specific traffic.

BR,

Milos

Go to solution
servio.lara
Level 1
Level 1
In response to Milos_Jovanovic

‎09-08-2021 06:32 AM

Hi Milos, 

 

Thanks for the reply. 

 

Best regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card