Re: Newer trouber shoot ASA5505

fan.yang · ‎10-23-2017

Hello guys..

I meet one problem that I have no idea what and how to check.

See below my network drawing, two firewalls (ASA5505) are there between PRC domain and DMZ domain and Business domain. One of my PRC domain server RAE (10.41.10.3) is looking for a lincense server (10.41.3.100) in business network. It stop work from early this month. I still can ping to the license server from DMZ servers, for example the DMZAD1, but I can not ping to the lincense server from any PRC servers. Since it works before, I assume it is a problem on firewall B.

I am totally new to firewall configuration, so although I can login the firewall, I don't know what and how to check. Can someone kindly throw me some idea?

Flavio Miranda · ‎10-23-2017

Hi @fan.yang

SSH to Firewall B then run a capture command. Capture is similar to a sniffer or syslog and will alow you to see packets back and forth.

You just need to know the interfaces in/out, source and destination IP address and TCP ports.

You can omit some information as well.

If you didnt see any log on capture, Maybe tr packet is not getting into this Firewall.

capture <Capture Name> interface <Interface> match tcp host <Source IP> host <Destination IP> eq <Port>

you can show packets with "show capture "Capture name"

-If I helped you somehow, please, rate it as useful.-

fan.yang · ‎11-01-2017

Thank you for your advice.

We finally found out it is not a firewall issue. Someone changed the setting at the other end :(