09-09-2013 11:30 AM - edited 03-11-2019 07:35 PM
Hi,
Can anyone awnser this questions?
Kind regards,
AS
Solved! Go to Solution.
09-09-2013 11:40 AM
Hello Antonio,
For this particular traffic (HTTP, HTTPS) there will be only one session or data channel so with a regular packet-tracer you will be able to determine whether the returning traffic will be allowed or not.
An example would be with ICMP (without the stateful inspection you will see a drop on the packet-tracer.. It points to an ACL issue I think).
What I will provide you is a really useful command that not all of the people is aware of:
show service-policy flow tcp host x.x.x.x host x.x.x.x eq 80
You will be seeing if a policy inspection or parameter is matched
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
09-09-2013 11:40 AM
Hello Antonio,
For this particular traffic (HTTP, HTTPS) there will be only one session or data channel so with a regular packet-tracer you will be able to determine whether the returning traffic will be allowed or not.
An example would be with ICMP (without the stateful inspection you will see a drop on the packet-tracer.. It points to an ACL issue I think).
What I will provide you is a really useful command that not all of the people is aware of:
show service-policy flow tcp host x.x.x.x host x.x.x.x eq 80
You will be seeing if a policy inspection or parameter is matched
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
09-09-2013 03:37 PM
Hi J,
I´m confuse about one situation. In on of my branch companies, I have conected to my ASA inside port a ISR 2911/K9, doing router on the stick to my vlan´s. But now I have do conect a service on the main office. So I will do a Site-to-Site VPN on the ASA. But the local network is on of my vlans.
So what will happen, I do the VPN and the ASA Route the traffic to the ISR and vice versa?
Kind Regards,
AS
09-09-2013 03:43 PM
Hello Antonio,
Exactly, You build the VPN between the ASA and the other site and the ASA routes and encrypts the traffic properly
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
09-09-2013 03:49 PM
Hi J
Ok. Two days from now I will test it.
Take care man.
AS
09-09-2013 03:52 PM
Hello Antonio,
Sure, keep me posted!
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
09-09-2013 03:56 PM
Sure
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide