10-21-2002 11:26 AM - edited 02-20-2020 10:19 PM
Hi all,
I have a bunch of PIX 506Es acting as FWs for a VPN I have deployed. We have a Nortel Contivity client sitting behind it doing NAT Traversal connecting back to a Nortel 4500 head end at Corp. The problem is that all other sites work except this one, which just won't connect to the 4500 at the Corp office. I have spoken with the Service Provider and they have all ports blocked except 113, 256, 259, 500. I want to know how to do an IP packet debug to confirm the PIX is not dropping the attempt to connect. Please can someone send me the right commands? I have tried numerous examples and I am sorry, it is NOT IOS and the debugs suck.
Thanks,
Jerry Roy
949-221-7208
10-21-2002 08:23 PM
There is no debug packet command on the pix.
If you were running the latest code 6.2.X, there is a capture command that you can use an acl with to filter what you want captured.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/c.htm#xtocid3 .
Regards,
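As an added example (not part of the original post), this is one way to use the capture command from the reply above to check whether the PIX forwards or drops the client's connection attempt. It assumes PIX OS 6.2.x, the default interface names inside and outside, and IKE on UDP 500; 192.0.2.10 is a placeholder for the head-end address, and cap_acl, cap_in and cap_out are hypothetical names.

```cisco
: Added example. 192.0.2.10 is a placeholder for the Nortel 4500 head end.
: cap_acl, cap_in and cap_out are hypothetical names.
: Match IKE (UDP 500) to and from the head end. "any" on the client side
: keeps the ACL valid on both interfaces, before and after NAT.
access-list cap_acl permit udp any host 192.0.2.10 eq 500
access-list cap_acl permit udp host 192.0.2.10 eq 500 any
: Capture the same traffic on both sides of the PIX.
capture cap_in access-list cap_acl interface inside
capture cap_out access-list cap_acl interface outside
: After a connection attempt from the client, compare the two buffers.
show capture cap_in
show capture cap_out
: Remove the captures and the ACL when finished.
no capture cap_in
no capture cap_out
no access-list cap_acl
```

Packets that show up in cap_in but not in cap_out never left the PIX; packets that show up in both with no replies from 192.0.2.10 point at something beyond the firewall. If the client uses another port for NAT traversal, add a matching line to the ACL.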
10-21-2002 09:01 PM
You can do:
debug packet
and this'll show you all the packets from "src" coming in on interface "if-name".
10-22-2002 01:10 PM
Hi All,
How do I clear access-list counters and not remove the access-lists themselves? The PIX "Clear" statements are a joke.
Thanks,
Jerry