Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1428
Views
0
Helpful
3
Replies

Can you do a debug of TCP sessions in a FWSM?

JeramelF
Level 1
Level 1

‎01-31-2014 12:53 PM - edited ‎03-11-2019 08:38 PM

Hello,

Is there any debug or show command to see when the tcp connections are opened or closed in an FWSM? I know that in the current versions of ASA for this you can do a "debug tcp", but there is any command on the FWSM to do something like this?

Thanks in advance.

Labels:
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎02-03-2014 01:06 PM

I think the command is:

debug packet proto tcp

Please be careful when using this command... It could cripple your ASA (depending on the amount of traffic passing through of course.)

http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/command/reference/df.pdf

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

David White
Cisco Employee
Cisco Employee

‎02-03-2014 06:21 PM

Hi Jeramel,

I'm not quite sure what you are looking for.  Syslogs are your best bet for tracking when the FWSM creates and tearsdown a connection. 

"show conn" will display the current connections passing through the FWSM, along with their state, and what inspections are applied to them.

"debug tcp" on the ASA is really showing some internal checks which the ASA is performing on the TCP packets.  It should not be used on a loaded ASA.  As it is very verbose. 

What exactly are you looking to acheive?

Sincerely,


David.

0 Helpful

vishaw jasrotia
Level 1
Level 1

‎02-03-2014 09:11 PM

Hello,

You can do this by matching the access-list

debug access-list

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card