- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2017 07:03 PM - edited 03-12-2019 02:44 AM
Hi,
As you know, running debug can devices down especially on old devices and it's not safe to run it during business hour.
How about 'logging console 7' and 'logging on' on ASA?
Is it safe to run unlike running debug?
Also, this is a little off topic question but if host A can't reach host B, how do you troubleshoot or what command do you use on ASA?
Thank you!
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2017 07:24 PM
Hi
Logging is consuming, but less than debug. If you do logging console, depending on how much traffic asa is handling, you can face an issue to be able to type commands while on console.
I do that sometimes for specific cases but not leaving it for ever.
Regarding your troubleshooting question, you can use embedded packet-tracer tool on asa and also setup a packet capture (Wireshark).
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2017 07:24 PM
Hi
Logging is consuming, but less than debug. If you do logging console, depending on how much traffic asa is handling, you can face an issue to be able to type commands while on console.
I do that sometimes for specific cases but not leaving it for ever.
Regarding your troubleshooting question, you can use embedded packet-tracer tool on asa and also setup a packet capture (Wireshark).
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-26-2017 07:44 PM
Thank you so much!
Plus, if I see the config on the ASA, I don't think the asdm is enabled...
How can I check if it is there and how to access thru the web so I can install asdm and look into it?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-27-2017 04:42 AM
Hi
If you do a dir disk0: you should see the asdm package.
On your config, you should have asdm image command and also http server enable + http authorization with your subnets that are allowed to access ASA through ASDM.
Thanks
PS: Please don't forget to rate and mark as correct answer if this answered your question
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
