Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2771
Views
0
Helpful
5
Replies

Cisco Packet Tracer in firewall

Debabrata Majhi
Level 1
Level 1

‎11-03-2017 08:48 AM - edited ‎02-21-2020 06:38 AM

Suppose in a environment multiple firewall .Here is the below example

A-is a host

B-is 1st firewall in which A is connected

C- is a firewall

D-is a firewall

E - is host connected with D firewall.

A will travel if he wants to connect E

1st it will go B then C,Then D, Then E.

If in firewall D traffic is blocked for A to E and in B and C firewall is allowed for all traffic for A to E.

Now in this scenario if I run packet tracer from A to E in firewall B what information will get is the  traffic show allowed or Drop?

 

Labels:
0 Helpful
5 Replies 5

mikael.lahtela
Level 4
Level 4

‎11-03-2017 08:57 AM

Hi,

Packet tracer will show what ever happens in the specific firewall, not what happen in rest of the network.
So if traffic is allowed in B, then is should show Allow.

br, Micke
0 Helpful

Debabrata Majhi
Level 1
Level 1
In response to mikael.lahtela

‎11-03-2017 09:04 AM

Hi Mikael_Lahtela

 

Thanks for your reply

 

0 Helpful

Marius Gunnerud
VIP
VIP

‎11-04-2017 04:30 PM

Packet tracer simulates a packet through the firewall you are running packet tracer on, not end to end.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Debabrata Majhi
Level 1
Level 1
In response to Marius Gunnerud

‎11-05-2017 09:24 PM

Hi,

Thanks for all your response.

I would like to add one more point that is how can I get the entire path from source to destination?

If I run traceroute from source firewall Can I get the all firewall details in between source firewall and destination host?

Thanks

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Debabrata Majhi

‎11-05-2017 10:57 PM

Traceroute will give you all the devices in the path.  But ASA drops Traceroute by default and does not count as a hop by default.

The following needs to be done on all the firewalls in the path for you to be able to see them in traceroute.  I recommended that you remove the decrement-ttl command once you are finished testing.

policy-map global_policy

 

  class class-default

    set connection decrement-ttl

access-list outside-in extendend permit icmp any any time-exceeded

access-list outside-in extended permit icmp any any unreachable

access-group outside-in in interface outside

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card