Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1647
Views
0
Helpful
2
Replies

How to find the ingress interface for traffic

Go to solution
mors105
Level 1
Level 1

‎09-17-2013 09:04 AM - edited ‎03-11-2019 07:40 PM

Hi, I have a few ASA's configured with multiple interfaces and multiple sub-interfaces. With many different subnets behind these interfaces.

Is there any easy way from the command line to work out which interface from a specific IP is coming in on. e.g say I have a host behind interface gi1/0.200 and it's pinging the sub-interface address x.x.x.x of gi1/0.200 - How do I know if I just do a debug icmp trace etc? I can see traffic coming in, but not on what interface.

On occasion I inherit a firewall without a topology diagram and have a nightmare finding out what traffic is coming in what interface. This is no good to me if I've got 20 interfaces and 50 subnets behind them.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎09-17-2013 09:15 AM

Hi,

The ASA doesnt really have that many routing related commands as some Cisco IOS devices.

I don't know really if there is any other way to determine the current setup other than checking the routing table.

The following command will show the current routing table

show route

The following command will show the currently configured static routes

show run route

If you want a brief information about the actual interfaces and their IP addresses you can use the following

show ip address

The following also shows similiar information but not for example the subnet mask of the interface

show interface ip brief

If you are referring to seeing what traffic is going through the firewall and where its originated from then you should have the "logging" level set to "informational". This will by default show you log messages related to connection and translation forming. Naturally you have to configure this for the location where you are viewing the logs

For example

  • buffered = Device log buffer
  • trap = Syslog server
  • asdm = The ASDM Monitoring sections logging window

Naturally you can also see the source and destination interface in the connection table

show conn

show conn long

I don't think the ASA really has any other way to show you how the network is built. You just have to refer to the actual configuration and routing table.

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎09-17-2013 09:15 AM

Hi,

The ASA doesnt really have that many routing related commands as some Cisco IOS devices.

I don't know really if there is any other way to determine the current setup other than checking the routing table.

The following command will show the current routing table

show route

The following command will show the currently configured static routes

show run route

If you want a brief information about the actual interfaces and their IP addresses you can use the following

show ip address

The following also shows similiar information but not for example the subnet mask of the interface

show interface ip brief

If you are referring to seeing what traffic is going through the firewall and where its originated from then you should have the "logging" level set to "informational". This will by default show you log messages related to connection and translation forming. Naturally you have to configure this for the location where you are viewing the logs

For example

  • buffered = Device log buffer
  • trap = Syslog server
  • asdm = The ASDM Monitoring sections logging window

Naturally you can also see the source and destination interface in the connection table

show conn

show conn long

I don't think the ASA really has any other way to show you how the network is built. You just have to refer to the actual configuration and routing table.

- Jouni

0 Helpful

Go to solution
mors105
Level 1
Level 1
In response to Jouni Forss

‎09-18-2013 08:13 AM

Thanks Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card