HOW-TO general question

glenn.guzman · ‎02-20-2008

Hello there,

I have an app server seating on my PIX's DMZ and I need to know how can I monitor (in real time) inbound traffic from the Outside interface (users out there) to the specific host 192.168.2.4 (app server) on the DMZ interface...

Basically i need to know if inbound traffic can actually reach the server AND if so... I need to check if that traffic is coming back from the server to the PIX and back to the end user out there

makes sense ?

Glenn

cisco24x7 · ‎02-20-2008

Monitoring on the Pix is very limited. You may

want to do this on the upstream router using

NetFlow. NetFlow can provide you with very

accurate information.

The other alternative is you can monitor

on the server itself, if the server is

Linux. You can use a freeware tool called

iptraf. I use it, excellent tool.

CCIE Security

abinjola · ‎02-20-2008

hello Glenn, Yes you can certainly monitor this traffic in extensive detail and also verify if the packet is returning back or not

on the DMZ interface set the

following Packet Captures :-

access-l abc permit ip host host 192.168.2.4

and then another ACL in reverse order for return traffic

access-l abc permit ip host 192.168.2.4 host x.x.x.x

x.x.x.x-->ip address of source on outside

Capture cpz access-l abc packet-length 1518 interface DMZ

generate the traffic and afterwards use the following command to check the packet captures

show capture cpz

The other way is to set logging on Pix firewall which is a very good way to report the traffic through the pix on a syslog server

does this help !

gleguzgo0166 · ‎02-20-2008

you got to excuse my language but HELL yeah it does!!!!

Thanks a lot my friend!!

Glenn

abinjola · ‎02-20-2008

I am glad..my post at 12 in the night did not go waste ..cheers