четверг, 9 апреля 2015 г.

Troubleshoot Connections through the PIX and ASA

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/71871-asa-pix-troubleshooting.html#s1


  • ASA Capture Feature
    The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.
    ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1
    ciscoasa(config)#capture inside_interface access-list inside_test interface inside
    
    The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.
    ciscoasa#show capture inside_interface
       1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request
    
    !--- The user IP address is 192.168.1.50.
    
    
    Note: In order to download the capture file to a system such as ethereal, you can do it as this output shows.
    
    !--- Open an Internet Explorer and browse with this https link format:
    
    https://[/]/capture//pcap
    
    Refer to ASA/PIX: Packet Capturing using CLI and ASDM Configuration Example in order to know more about Packet Capturing in ASA.

Комментариев нет: