
Debugging on Cisco ASA


Most debugging on the Cisco ASA can be done by simply entering "debug" in front of the command you want to debug. For example, to see/capture ICMP traffic from a user, enter:


ASA1#debug icmp trace
...
ICMP echo request from 192.168.1.50 to 192.168.1.1 ID=512 seq=5120 len=32
ICMP echo reply from 192.168.1.1 to 192.168.1.50 ID=512 seq=5120 len=32

To disable debug icmp trace, use "no debug icmp trace", or "undebug all", which turns off all debugging. To see debugging messages in an SSH session, the "terminal monitor" command is also needed:

ASA1#terminal monitor

To turn the debugging output off, use "terminal no monitor".
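Debug output saved from a session can be checked offline for echo requests that never got a reply. The script below is an added example, not part of the original post; it assumes only the line format shown above, and the capture in SAMPLE is constructed for illustration.

```python
import re
from collections import Counter

# Line format as printed by "debug icmp trace" in the post above.
LINE_RE = re.compile(
    r"ICMP echo (?P<kind>request|reply) from (?P<src>\S+) to (?P<dst>\S+) "
    r"ID=(?P<id>\d+) seq=(?P<seq>\d+) len=(?P<len>\d+)"
)

# Constructed capture: the second request (seq=5376) has no matching reply.
SAMPLE = """\
ASA1#debug icmp trace
ICMP echo request from 192.168.1.50 to 192.168.1.1 ID=512 seq=5120 len=32
ICMP echo reply from 192.168.1.1 to 192.168.1.50 ID=512 seq=5120 len=32
ICMP echo request from 192.168.1.50 to 192.168.1.1 ID=512 seq=5376 len=32
ICMP echo request from 192.168.1.50 to 192.168.1.1 ID=512 seq=5632 len=32
ICMP echo reply from 192.168.1.1 to 192.168.1.50 ID=512 seq=5632 len=32
"""

def parse_icmp_trace(text):
    """Return one dict per ICMP echo line; prompts and other text are skipped."""
    events = []
    for m in LINE_RE.finditer(text):
        ev = m.groupdict()
        for key in ("id", "seq", "len"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events

def unanswered_requests(events):
    """Echo requests with no later reply that swaps src/dst and keeps ID and seq."""
    pending = Counter()
    for ev in events:
        if ev["kind"] == "request":
            pending[(ev["src"], ev["dst"], ev["id"], ev["seq"])] += 1
        else:
            # A reply travels in the opposite direction with the same ID/seq.
            key = (ev["dst"], ev["src"], ev["id"], ev["seq"])
            if pending[key] > 0:
                pending[key] -= 1
    return sorted(k for k, n in pending.items() if n > 0)

if __name__ == "__main__":
    for src, dst, icmp_id, seq in unanswered_requests(parse_icmp_trace(SAMPLE)):
        print(f"no reply: {src} -> {dst} ID={icmp_id} seq={seq}")
```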

To enable detailed debugging of IPsec, use the command "debug crypto isakmp number", where number is 1-255. 1 is the default and shows the fewest debugging messages; 255 shows the most:

ASA-A#debug crypto isakmp 150
ASA-A#no debug all
