Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1116
Views
0
Helpful
3
Replies

ASA packet capture

jack samuel
Level 1
Level 1

‎09-17-2016 01:04 AM - edited ‎03-12-2019 01:17 AM

Dears ,

Topology.

DMZ -Zone->>>ASA firewall>>>>>Internet router>>>>> ISP

Please find the attached files and please explain me from where the packets are getting dropped

I am trying to connect from a PC which is connected on internet router gig0/1 which is trying to access the OWA server through https OWA link , OWA is on DMZ zone of the firewall, GIG0/0 of internet router is connected to Firewall Outside interface and the OWA is static natted on the firewall with public ip address.

Router ADSL interface Public IP Address: 82.82.82.189

Static Natted OWA server: 200.200.200.200.

elaborating the connection how it is happening

  • PC has private ip address and a public DNS 8.8.8.8
  • pc request to OWA link https://abc.com , PC has a dns of 8.8.8.8 request goes out to DNS and replies come of OWA public IP address
  • OWA public ip address , firewall outside interface and Internet router internal interface all in same public ip subnet.
  • The page does not open on user PC.

is it the DNS doctoring has to be done for the static nat of the OWA server.???????

Thanks

 

Thanks

Labels:
Preview file
11 KB
0 Helpful
3 Replies 3

Hozaifa Samad
Level 1
Level 1

‎09-17-2016 08:02 PM

The best way to find out if it's ASA issue or not using capture, is to run 2 capture commands. One on the inbound interface and one on the outbound. If traffic is working fine, you should see incoming & outgoing packets on both captures. If you see packets leaving but nothing is coming back, then it's not an ASA issue.

capture cap1 interface x match ip host a host b

capture cap2 interface y match ip host a host b

show cap cap1

show cap cap2

0 Helpful

jack samuel
Level 1
Level 1
In response to Hozaifa Samad

‎09-19-2016 01:07 PM

Dear Hozaifa,

I have one doubt, when the reply goes back the packets will travel the outside interface so why we need to capture on both the interfaces. ???

thanks

0 Helpful

Hozaifa Samad
Level 1
Level 1
In response to jack samuel

‎09-19-2016 01:17 PM

Hi Jack,

I'm not clear on your question, but having captures on both interfaces will tell you if it's ASA or not ASA issue. For example if you see packing coming on inbound but not leaving outbound, then it's ASA issue. If packet coming on inbound, leaving the outbound but no return, then it's not ASA issue. Also, you can get a return on the outbound, but ASA doesn't send it back to the source, then it's ASA. Using 2 captures just to tell you what exactly is going on.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card