Start the packet collection with the following command. Send the test traffic or try the telnet that fails then, stop the data collection.
kusankar-ASR1002#debug platform condition start
There is no reason to stop the collection in order to see the packets that are collected in the buffer.
kusankar-ASR1002#debug platform condition stop
How to see the packets captured
Once you find out what is being dropped we can focus on that particular packet to get more details. In this case packet 17,20 and 28 are dropped due to firewall policy. Let us see if this is the telnet packet from 18.104.22.168 destined to 172.18.124.1.
kusankar-ASR1002#sh platform packet-trace sum | i DROP
Pkt Input Output State Reason
17 Gi0/0/0 Gi0/0/3 DROP 183 (FirewallPolicy)
20 Gi0/0/0 Gi0/0/3 DROP 183 (FirewallPolicy)
28 Gi0/0/0 Gi0/0/3 DROP 183 (FirewallPolicy)
This command below will give more detail about packet no: 17. Clearly the feature ZBFW is dropping the packet. Notice the input interface, output interface, source IP, destination IP, protocol and port.
Hi, My company is unwilling to set up split routing, for security reasons. Therefore, they ask us to disconnect from the VPN for bandwidth-intensive activities like VoIP and file downloads. This is cumbersome, as reconnecting requires us to input our...
Men, things here are crazy....I bought a RV345 vpn cisco router for my home(I have a IP static here), and I want to connect to it remotely using my laptop (windows 7 home premium). My question is: What is the cheapest and SIMPLE way to connect without usi...
Hello we have a pair of ASA 5515-X firewalls.VPN works fine however on Linux, no matter what we do it will still add the iptables rules.We have disabled the client firewall in ASDM, but it's still being added.We even tried adding a script on connect to fl...