
Debugging on Cisco ASA


Most debugging on the Cisco ASA can be done by simply entering "debug" in front of the command you want to debug. For example, to see/capture ICMP traffic from a user, enter:


ASA1#debug icmp trace
...
ICMP echo request from 192.168.1.50 to 192.168.1.1 ID=512 seq=5120 len=32
ICMP echo reply from 192.168.1.1 to 192.168.1.50 ID=512 seq=5120 len=32
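When a saved debug session runs to hundreds of lines, pairing each echo request with its reply shows which pings were never answered. The following is an added example, not part of the original post; it assumes the line format shown above (other ASA releases may print it differently), and the function name and sample session are constructed for illustration.

```python
import re
from collections import OrderedDict

# Line format taken from the "debug icmp trace" output shown above (assumption:
# every ICMP echo line in the saved session follows this exact layout).
ICMP_RE = re.compile(
    r"ICMP echo (?P<kind>request|reply) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"ID=(?P<id>\d+) seq=(?P<seq>\d+) len=(?P<len>\d+)"
)

def unanswered_echoes(text):
    """Return (src, dst, id, seq) for each echo request with no matching reply."""
    pending = OrderedDict()  # keeps requests in the order they were seen
    for line in text.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue  # prompts, "..." and unrelated debug output
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = True
        else:
            # A reply travels in the reverse direction of its request,
            # with the same ID and sequence number.
            pending.pop((m["dst"], m["src"], ident, seq), None)
    return list(pending)

# Constructed sample session: the first two ICMP lines are the ones from the
# post, the last two are made-up requests to a host that never answers.
SAMPLE = """\
ASA1#debug icmp trace
ICMP echo request from 192.168.1.50 to 192.168.1.1 ID=512 seq=5120 len=32
ICMP echo reply from 192.168.1.1 to 192.168.1.50 ID=512 seq=5120 len=32
ICMP echo request from 192.168.1.50 to 10.0.0.9 ID=512 seq=5376 len=32
ICMP echo request from 192.168.1.50 to 10.0.0.9 ID=512 seq=5632 len=32
"""

if __name__ == "__main__":
    for src, dst, ident, seq in unanswered_echoes(SAMPLE):
        print(f"no reply: {src} -> {dst} ID={ident} seq={seq}")
```

Requests that stay unanswered are a starting point for checking ACLs, routing and ICMP inspection on the path to that destination.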

To disable debug icmp trace, you can use the command "no debug icmp trace", or "undebug all", which turns off all debugging. Also, to be able to see debugging messages in an SSH session, the "terminal monitor" command is needed:

ASA1#terminal monitor

To turn the debugging output off, use "terminal no monitor".

To enable detailed debugging of IPsec, you can use the command "debug crypto isakmp number", where number is 1-255. 1 is the default and shows the fewest debugging messages; 255 shows the most:

ASA-A#debug crypto isakmp 150
ASA-A#no debug all
