IP packet debugging on ASA

I used the "debug ip packet detail list #" for years on the routers. Is there a similar command on the ASA?

Thank you

Allyn

Look at the capture command on the ASA. It's pretty neat, and I believe you will find what you are looking for in this command. It captures the packets flowing through the ASA and allows you to use access lists to control what it captures.

HTH

Rick


Similar Questions

  • Wildcard SSL cert "installed successfully" but doesn't show - ASA5505 9.2(2)4

    I am installing a wildcard certificate on an ASA5505, but it does not appear after installation.

    The cert is in use elsewhere just fine. I installed the intermediate CA certs, which show up fine. I imported the PKCS12 format file (also imported elsewhere fine). ASDM said it was imported "successfully." But the cert never appears in the list of installed certificates, nor does it appear in the drop-downs to assign a cert to an interface.

    Thoughts?

    Please try to import the certificate via the command line:

    Example configuration:

    conf t
    crypto ca trustpoint Wildcard_certificate
     enrollment terminal
     exit
    !
    crypto ca import Wildcard_certificate pkcs12 <passphrase>

    Then paste the PKCS12 in PEM format, type "quit" and press Enter.

    While you import the certificate, please enable the following debugs on the ASA:
      debug crypto ca transactions 255
      debug crypto ca messages 255

    The debugs will give a clear picture of what happens when you try to import the certificate.

    Regards

    Véronique

  • Debugging printer packet logs

    I would like to 'debug' the printer's traffic. However, I am not sure of the syntax.

    I was using: pix# debug packet src 192.168.11x.xxx netmask 255.255.255.255 netmask 255.255.255.255 dst 10.100.2.xxx

    Because this has not worked for me, I know the syntax is incorrect. Could someone post the proper syntax?

    Thank you..

    Syntax:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html

    [no] debug packet if_name [src source_ip [netmask mask]] [dst dest_ip [netmask mask]] [[proto icmp] | [proto tcp [sport src_port] [dport dest_port]] | [proto udp [sport src_port] [dport dest_port]]] [rx | tx | both]

    Example:

    debug packet inside src 192.168.11x.xxx netmask 255.255.255.255 dst 10.100.2.xxx netmask 255.255.255.255 both

    or for tcp port 9100

    debug packet inside src 192.168.11x.xxx netmask 255.255.255.255 dst 10.100.2.xxx netmask 255.255.255.255 proto tcp dport 9100 both

    Sincerely

    Patrick

  • ASA DNS inspection debugging

    How can I debug ASA DNS inspection (9.1(1))? Specifically, the ASA blocks queries associated with dig requests like the following, so they never reach "the.name.server":

    dig @the.name.server -t ptr 1.2.3.4.reverse.somedomain.com.

    And I would like to be able to see how it handles the query (and decides) to block it.

    I'm really just asking for debugging instructions that might help me solve this, but if someone can tell me what it is about this query that the ASA does not like, that would be very useful. It blocks the request even with very basic inspection enabled:

    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 4096
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map

    If I have "inspect dns preset_dns_map" in it, the ASA blocks the request, but if I remove "inspect dns preset_dns_map" the query works fine.

    (Just to be clear, the client in question is located on the ASA's inside interface and "the.name.server" is on the outside interface.)

    Hello

    I haven't done this myself at any time.

    I found that there are at least 3 different debug commands associated with "inspect dns":

    • debug inspect dns errors
    • debug inspect dns events
    • debug inspect dns packets

    Maybe turning some of them on could bring some clarification to what's happening.

    Under the following configuration mode:


    policy-map type inspect dns preset_dns_map
     parameters

    there is an option called:

    ASA(config-pmap-p)# ?

    MPF policy-map parameter configuration commands:

      protocol-enforcement  DNS protocol message format inspection

    Whether disabling this default setting with "no protocol-enforcement" helps, or whether it defeats the purpose of having "inspect dns" at all, I don't know.

    -Jouni

  • Best VPN debugging commands?

    Hello

    I was wondering what your best VPN debugging commands are on an ASA or router, for phase 1 and 2 and the ACLs?

    For example I have a site-to-site between 2 ASAs and phase 1 and 2 are up, but each site cannot ping a PC on the other site. I'm looking at NAT and ACLs for the moment, but any useful commands would be most appreciated.

    Thank you

    Two go-to commands are:

    show crypto isakmp sa

    show crypto ipsec sa

    If Phase 1 and Phase 2 are not up according to those respective commands, then go to:

    debug crypto isakmp 7

    debug crypto ipsec 7

    You may need to increase the verbosity level (255 is the highest) and, if you have multiple SAs, focus on the ones you are interested in with a filter:

    debug crypto condition peer <peer-ip>

    Once you have Phase 1 and 2 established but are experiencing persistent problems with two-way traffic flow, look at two things:

    1. In the output of show crypto ipsec sa, check that decaps increase in proportion with encaps. If they do not, the remote end is not getting the return traffic. Confirm with a packet capture and/or trace.

    2. Use the packet-tracer command (CLI or GUI) on the ASA to review how it will handle a given flow. NAT and ACL issues are often quickly visible using this tool.
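Step 1 above compares encaps against decaps by eye; as an added example (not from the thread), this Python script parses two snapshots of show crypto ipsec sa output and classifies each peer from the counter deltas. The snapshots, peer addresses and the 10% ratio threshold are constructed assumptions.

```python
import re
from typing import Dict, Tuple

# Constructed excerpts in the shape of ASA "show crypto ipsec sa" output,
# captured a minute apart. Peer 198.51.100.7 is the broken site-to-site
# tunnel; peer 192.0.2.9 is a healthy one for comparison.
SNAPSHOT_T0 = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.2

      local ident (addr/mask/prot/port): (10.1.0.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.0.0/255.255.255.0/0/0)
      current_peer: 198.51.100.7

      #pkts encaps: 1500, #pkts encrypt: 1500, #pkts digest: 1500
      #pkts decaps: 1480, #pkts decrypt: 1480, #pkts verify: 1480

    Crypto map tag: outside_map, seq num: 20, local addr: 203.0.113.2
      current_peer: 192.0.2.9

      #pkts encaps: 200, #pkts encrypt: 200, #pkts digest: 200
      #pkts decaps: 210, #pkts decrypt: 210, #pkts verify: 210
"""

SNAPSHOT_T1 = """\
interface: outside
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.2
      current_peer: 198.51.100.7

      #pkts encaps: 1900, #pkts encrypt: 1900, #pkts digest: 1900
      #pkts decaps: 1482, #pkts decrypt: 1482, #pkts verify: 1482

    Crypto map tag: outside_map, seq num: 20, local addr: 203.0.113.2
      current_peer: 192.0.2.9

      #pkts encaps: 260, #pkts encrypt: 260, #pkts digest: 260
      #pkts decaps: 271, #pkts decrypt: 271, #pkts verify: 271
"""

PEER_RE = re.compile(r"current_peer:\s*(\S+)")
CNT_RE = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")


def parse_sa_counters(text: str) -> Dict[str, Tuple[int, int]]:
    """Return {peer: (encaps, decaps)} from 'show crypto ipsec sa' text."""
    counters: Dict[str, Tuple[int, int]] = {}
    peer = None
    for line in text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peer = m.group(1)
            counters.setdefault(peer, (0, 0))
            continue
        m = CNT_RE.search(line)
        if m and peer:
            enc, dec = counters[peer]
            if m.group(1) == "encaps":
                enc = int(m.group(2))
            else:
                dec = int(m.group(2))
            counters[peer] = (enc, dec)
    return counters


def diagnose(before: str, after: str, min_ratio: float = 0.1) -> Dict[str, dict]:
    """Compare two snapshots and classify each peer's traffic pattern.

    min_ratio: below this fraction of the opposite direction's delta the
    tunnel is treated as one-way (assumed threshold, tune to your traffic).
    """
    t0 = parse_sa_counters(before)
    t1 = parse_sa_counters(after)
    report: Dict[str, dict] = {}
    for peer, (enc1, dec1) in t1.items():
        enc0, dec0 = t0.get(peer, (0, 0))
        d_enc, d_dec = enc1 - enc0, dec1 - dec0
        if d_enc < 0 or d_dec < 0:
            verdict = "counters reset (SA rekeyed?) - take a new baseline"
        elif d_enc == 0 and d_dec == 0:
            verdict = "idle"
        elif d_enc > 0 and d_dec < min_ratio * d_enc:
            verdict = "one-way: encrypting but no return traffic (check remote side)"
        elif d_dec > 0 and d_enc < min_ratio * d_dec:
            verdict = "one-way: receiving but not replying (check local ACL/NAT/routing)"
        else:
            verdict = "two-way"
        report[peer] = {"delta_encaps": d_enc, "delta_decaps": d_dec, "verdict": verdict}
    return report


if __name__ == "__main__":
    for peer, r in diagnose(SNAPSHOT_T0, SNAPSHOT_T1).items():
        print(peer, r)
```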

  • Debug Crypto ISAKMP

    Hello

    I've been trying to set up a VPN, and when I ran this command earlier I received a lot of output and everything seemed ok.

    I could also see dst, src, etc. when I ran show crypto isakmp sa.

    All of a sudden I get nothing now, even when I run the debug above. The show crypto isakmp sa command is now empty too, see below.

    show crypto isakmp sa

    IPv4 Crypto ISAKMP SA

    dst             src             state          conn-id slot status

    Does this suggest the problem is with the remote end? Would I still get output from debug crypto isakmp if the remote end is down?

    Just puzzled as to why the output has disappeared 'quietly'.

    Thank you

    Hello

    There could be several reasons for this:

    --> Interesting traffic on the remote or local end has been interrupted for some reason.

    --> Since the ASA was showing some debugs earlier, it is likely that the packet is not reaching the ASA now; reaching it would in turn hit the crypto ACL (interesting traffic) and thus trigger the crypto tunnel and the debugs.

    --> There could be configuration changes on the remote end ASA because of which the tunnel is not triggered.

    The best way to solve this is to follow the VPN traffic, i.e. the packet destined for the VPN tunnel, from its source to its destination.

    I recommend the following:

    • Take captures on the ASA from where the traffic is initiated and see if it hits the crypto ACL. Check that the ACL has hit counts for the same.

    http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a0080a9edd6.shtml

    • Run 'debug crypto isakmp 127' and see if the tunnel is triggered and debugs are generated.
    • If not, then run packet-tracer and see if the VPN traffic passes all the checks and is allowed by the VPN.
    • If traffic is allowed in the VPN phase of packet-tracer and you still do not see the traffic being passed through the VPN, then there might be a possibility that it is hitting a different tunnel because of an overlapping crypto ACL (if applicable) on the same source ASA.
    • If the packet is not seen hitting the firewall in the above capture, then the packet is certainly not reaching the ASA and you will need to check the internal routing.
    • You can also check the syslogs on the local ASA for drops of VPN-destined traffic due to any firewall feature.

    To answer your question: if the remote end has been down you wouldn't see debugs unless a host on the local end initiates traffic to the VPN. If the VPN traffic was initiated from behind the remote ASA and it is down, then you would not see any debugs on the local ASA.

    I would like to know once you have narrowed it down further so that we can move forward, and I'll be in a better position to provide my next course of action on this.

    Hope this has been informative.

    Kind regards

    Nick

    P.S. Please mark this post as solved if the information above has helped you identify the problem, or at least move forward in resolving the issue, so that other users benefit too.

  • El Capitan dropping packets

    After migrating to El Capitan, I see a lot of messages in the console saying "01/05/2016 09:48:55.000 kernel[0]: outputPacket: data connection is closed, dropping the packet". Not being technical, I don't know how to debug or stop these messages, or what is creating them. My hardware is a MacBook Air with an AirPort Time Capsule.

    Problem is resolved... Although there was no Ethernet cable connected to the USB adapter, for some reason the Ethernet port was still up; once it was stopped, the dropped-packets problem disappeared.

  • Deploy debug token: no route to host

    I'm using Linux, deploying a debug token on a BlackBerry Z10.

    In development mode, the device IP shown in the settings is 169.254.1.1

    I use the following command: blackberry-deploy -installDebugToken debugtoken.bar -device 169.254.1.1 -password

    And I get the following output:

    Error: Unable to connect: no route to host. Check the IP address settings for the target. Try to ping the target.

    I can't ping the device, as it uses a 169.254.x.x network; unfortunately I am on a 192.168.1.x network.

    I have no firewall, no VPN, and the device is plugged in via USB.

    The 169.254 network cannot be changed on the device.

    I tried to force my Linux network config so that I have the following:

    # ifconfig
    eth1      Link encap:Ethernet  HWaddr 00:10:18:31:68:60
              inet addr:169.254.1.2  Bcast:169.254.255.255  Mask:255.255.0.0
              inet6 addr: fe80::210:18ff:fe31:6860/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:182264 errors:0 dropped:0 overruns:0 frame:0
              TX packets:106368 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:190168290 (190.1 MB)  TX bytes:21806096 (21.8 MB)
              Interrupt:18

    But I still can't ping the device...

    What did I miss?

    It seems that the device is properly connected to your computer and networking has been correctly configured. However, the messages you've found and the failure of ping suggest there is still a network problem preventing you from reaching the device.

    Did you set it to 'Windows' mode under 'Storage and Access'? 'Windows' mode is RNDIS, which works perfectly; 'Mac' mode (and perhaps auto-detected) is ECM and has problems with some Linux configurations.

    What is the output of "ip route get 169.254.1.1"? For my part, I see

    169.254.1.1 dev usb0  src 169.254.1.2
        cache

    Your network (192.168.*) should not affect your debug configuration, unless your network is a 169.254.* network.

  • How to debug JSP page/JavaScript errors in the BlackBerry browser on the simulator

    Hi experts,

    At present we are porting a web app (HTML5) from iPhone to BlackBerry. It is written in JSP/JavaScript with Ajax on the backend. It generally works in the BlackBerry 6.0 browser on a simulator. However, one of the pages cannot be rendered; it shows just a blank page.

    I've seen an error like this on screen in the MDS-CS simulator:

    <2011-09-05 11:57:37.822 EDT>:[1172]::: ...d received for non-existent packet! 904265821>
    <2011-09-05 11:57:37.854 EDT>:[1175]::: ...G = invalid, DEVICEPIN:CONNECTIONID = 2100000a:1770114602, SEQUENCE = 1, information = packet received for a connection that timed out>

    However, I have seen this error on other pages that display correctly. Not sure why we keep seeing this error.

    So it could be a JavaScript error as well. Not sure at this stage. The page is written as a JSP page with JavaScript/Ajax inside, the same as the other pages that work. Very weird.

    Any idea how I could debug this case?

    Starting from 7.0 you can use the Web Inspector, and in 5.0 you can debug using our tools, but in 6.0 you're stuck with more traditional methods such as chicoxmlof's suggestion of try/catch or alert statements.

  • WebVPN client: SFR module drops the HTTP packets

    Hi, I configured WebVPN access on an ASA 5512 with SFR module a long time ago and internal HTTP links have been working great.

    After upgrading the ASA to 9.5(2), the FirePOWER module to 6.0.0-1005 and Defense Center to 6.0.0 (build 1005), I am unable to open internal HTTP links (CIFS works fine at the same time).

    After I connect to WebVPN, try to open "http://192.168.4.3" and then go to ASA monitoring, I see these logs:

    6  Aug 05 2016 19:11:32  302014  192.168.4.3  80  172.16.1.2  13215  Teardown TCP connection 5709589 for Internal:192.168.4.3/80 to identity:172.16.1.2/13215 duration 0:00:21 bytes 0 TCP Reset-O
    4  Aug 05 2016 19:11:19  434002  SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
    4  Aug 05 2016 19:11:19  434002  SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
    4  Aug 05 2016 19:11:13  434002  SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
    4  Aug 05 2016 19:11:13  434002  SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
    4  Aug 05 2016 19:11:10  434002  SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
    4  Aug 05 2016 19:11:10  434002  SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
    6  Aug 05 2016 19:11:10  302013  172.16.1.2  13215  192.168.4.3  80  Built outbound TCP connection 5709589 for Internal:192.168.4.3/80 (192.168.4.3/80) to identity:172.16.1.2/13215 (172.16.1.2/13215)

    172.16.1.2 is the internal IP address of the ASA and 192.168.4.3 is the internal web server.

    If I stop forwarding traffic to the SFR module, everything works fine. I checked the access policy on Defense Center; the traffic is allowed, as I can see in the connection events.

    Any idea what the problem might be here?

    Is there a more detailed debugging option for why SFR drops these packets?

    Thank you!

    Hi Nele,

    I think you might be hitting a bug.

    I understand that you have a rule allowing this traffic. But can you please create a rule in your access control policy to trust the IP address of the ASA to the internal services that should be available.

    Then check if the traffic still gets dropped.

    Thank you

    Guillaume

    Rate if this helps.
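As an added example (not part of the thread), here is a Python script that correlates the three message types in the log above (302013 built, 434002 SFR drop, 302014 teardown) by connection id, so a connection that SFR silently killed stands out from one that carried data. The log lines are constructed in the format the ASA sends to a syslog server, reusing the addresses and connection id from the post plus a second, healthy connection.

```python
import re
from typing import Dict, List

# Constructed syslog lines in the format the ASA sends to a syslog server;
# same addresses and connection id as the ASDM log above, plus one healthy
# connection (SMB on 445) for contrast.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 5709589 for Internal:192.168.4.3/80 (192.168.4.3/80) to identity:172.16.1.2/13215 (172.16.1.2/13215)
%ASA-4-434002: SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
%ASA-4-434002: SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
%ASA-6-302013: Built outbound TCP connection 5709590 for Internal:192.168.4.3/445 (192.168.4.3/445) to identity:172.16.1.2/13220 (172.16.1.2/13220)
%ASA-4-434002: SFR requested to drop TCP packet from identity:172.16.1.2/13215 to Internal:192.168.4.3/80
%ASA-6-302014: Teardown TCP connection 5709589 for Internal:192.168.4.3/80 to identity:172.16.1.2/13215 duration 0:00:21 bytes 0 TCP Reset-O
%ASA-6-302014: Teardown TCP connection 5709590 for Internal:192.168.4.3/445 to identity:172.16.1.2/13220 duration 0:01:03 bytes 48210 TCP FINs
"""

EP = r"[\w-]+:([\d.]+/\d+)"  # "ifc:ip/port" -> captures "ip/port"
BUILT_RE = re.compile(r"302013: Built \w+ TCP connection (\d+) for " + EP
                      + r" \([^)]*\) to " + EP)
DROP_RE = re.compile(r"434002: SFR requested to drop \w+ packet from " + EP
                     + r" to " + EP)
TEAR_RE = re.compile(r"302014: Teardown TCP connection (\d+) for " + EP
                     + r" to " + EP + r" duration (\S+) bytes (\d+) (.+)$")


def correlate(log_text: str) -> Dict[str, dict]:
    """Group 302013 / 434002 / 302014 events by ASA connection id.

    434002 carries no connection id, so each drop is matched to the open
    connection with the same pair of endpoints. The match is order-independent
    because the drop is logged client->server while the build message for a
    WebVPN flow is logged server->client (as in the post above).
    """
    conns: Dict[str, dict] = {}
    open_by_flow: Dict[frozenset, str] = {}
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if m:
            cid, a, b = m.groups()
            conns[cid] = {"flow": (a, b), "sfr_drops": 0, "bytes": None,
                          "duration": None, "teardown_reason": None}
            open_by_flow[frozenset((a, b))] = cid
            continue
        m = DROP_RE.search(line)
        if m:
            cid = open_by_flow.get(frozenset(m.groups()))
            if cid is not None:  # drops seen before a matching 302013 are ignored
                conns[cid]["sfr_drops"] += 1
            continue
        m = TEAR_RE.search(line)
        if m:
            cid, a, b, duration, nbytes, reason = m.groups()
            if cid in conns:
                conns[cid].update(bytes=int(nbytes), duration=duration,
                                  teardown_reason=reason)
            open_by_flow.pop(frozenset((a, b)), None)
    return conns


def sfr_blocked(log_text: str) -> List[str]:
    """Connection ids where SFR dropped packets and no payload ever crossed."""
    return [cid for cid, c in correlate(log_text).items()
            if c["sfr_drops"] > 0 and c["bytes"] == 0]


if __name__ == "__main__":
    for cid, c in correlate(SAMPLE_LOG).items():
        print(cid, c)
    print("blocked by SFR:", sfr_blocked(SAMPLE_LOG))
```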

  • Packets not CEF switched / what is 'CCE Output Classification'?

    Hello

    I noticed a 3945-SEC with fairly high CPU load without doing much, because there are more process-switched packets than CEF-switched ones.

    To investigate, I did the following:

    Router#sh ip cef switching statistics feature

    IPv4 CEF input features:

      Feature           Drop      Consume   Punt      Punt2Host  Gave route
      Access List       24911921  0         0         14678240   0
      Policy Routing    0         0         0         0          20433673
      Total             24911921  0         0         14678240   20433673

    IPv4 CEF output features:

      Feature                Drop  Consume  Punt       Punt2Host  New i/f
      CCE Output Classify    0     0        715266717  0          0
      Total                  0     0        715266717  0          0

    IPv4 CEF post-encap features:

      Feature           Drop  Consume    Punt  Punt2Host  New i/f
      IPSEC Post-encap  1     655816389  0     0          0
      Total             1     655816389  0     0          0

    IPv4 CEF for-us features:

      Feature  Drop  Consume  Punt  Punt2Host  New i/f
      Total    0     0        0     0          0

    IPv4 CEF punt features:

      Feature  Drop  Consume  Punt  Punt2Host  New i/f
      Total    0     0        0     0          0

    IPv4 CEF local features:

      Feature  Drop  Consume  Punt  Punt2Host  Gave route
      Total    0     0        0     0          0

    The punted (i.e. "punted" to another switching mechanism, not CEF switched) packets for the feature 'CCE Output Classify' increase by ~1000 per second.

    This made me wonder what exactly the 'CCE Output Classify' feature is. As I can see in the following output, this feature is enabled on my tunnel interface:

    Router#sh ip int tu0

    Tunnel0 is up, line protocol is up
      Internet address is x.x.x.x/xx
      Broadcast address is x.x.x.x
      Address determined by non-volatile memory
      MTU is 1400 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Multicast reserved groups joined: 224.0.0.10
      Outgoing access list is not set
      Inbound  access list is not set
      Proxy ARP is disabled
      Local Proxy ARP is disabled
      Security level is default
      Split horizon is enabled
      ICMP redirects are never sent
      ICMP unreachables are always sent
      ICMP mask replies are never sent
      IP fast switching is enabled
      IP fast switching on the same interface is disabled
      IP Flow switching is disabled
      IP CEF switching is enabled
      IP CEF switching turbo vector
      IP Null turbo vector
      VPN Routing/Forwarding "xxx"
      IP multicast fast switching is enabled
      IP multicast distributed fast switching is disabled
      IP route-cache flags are Fast, CEF
      Router Discovery is disabled
      IP output packet accounting is disabled
      IP access violation accounting is disabled
      TCP/IP header compression is disabled
      RTP/IP header compression is disabled
      Policy routing is disabled
      Network address translation is disabled
      BGP Policy Mapping is disabled
      Input features: Packet Capture, MCI Check, TCP Adjust MSS
      Output features: CCE Output Classification, NHRP redirect, CCE NAT Classification, TCP Adjust MSS, QoS Preclassification
      Post encapsulation features: IPSEC Post-encap output classification
      WCCP Redirect outbound is disabled
      WCCP Redirect inbound is disabled
      WCCP Redirect exclude is disabled

    Can someone tell me what "CCE Output Classification" is and why it is being used so heavily by my router?

    Hello Sebastian,

    CCE is the Common Classification Engine. I think it is used to "match" traffic for features like QoS, NAT, etc. Based on the "sh ip int" output, some features in the output direction are causing packets to be punted. You can try "debug ip cef drop" for a few seconds while the counter is incrementing; usually it will give a reason for the punt. The most common reasons are listed below.

    ACL log or log-input option (or)

    An unreachable next hop for a route (or)

    A missing ARP entry for a next hop (or)

    An ARP entry for outside NAT... etc.

    Please rate this post if you found it useful.

    Thanks & best regards,

    Vignesh R P

  • SSH connection to ASA issue

    Hello

    I configured SSH version 1/2 for connecting on the outside of the ASA, but I can't connect using the SecureCRT and PuTTY SSH client software...

    In addition, I have tried to connect from the router outside the ASA with the ssh command,

    but the result is the same...

    Here is the configuration on the ASA.

    I would like to know why I can't connect to the external interface of the ASA.

    ASA Version 7.1(2)
    !
    hostname ASA5540
    domain-name cisco.com
    enable password xxxx
    names
    !
    interface GigabitEthernet0/0
     description *Outside*
     nameif outside
     security-level 0
     ip address 192.168.200.2 255.255.255.0
    !
    interface GigabitEthernet0/1
     description *inside*
     nameif inside
     security-level 100
     ip address 192.168.100.2 255.255.255.0
    !
    interface GigabitEthernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Management0/0
     description *management only*
     nameif management
     security-level 0
     ip address 192.168.250.2 255.255.255.0
     management-only
    !
    passwd xxxx
    boot system disk0:/asa712-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
     domain-name cisco.com
    same-security-traffic permit inter-interface
    pager lines 24
    logging enable
    logging asdm debugging
    logging trap debugging
    mtu outside 1500
    mtu inside 1500
    mtu management 1500
    no failover
    asdm image disk0:/asdm512.bin
    no asdm history enable
    arp timeout 14400
    route outside 0.0.0.0 0.0.0.0 192.168.200.1 1
    route inside 172.16.0.0 255.255.0.0 192.168.100.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    username xxxx password xxxx privilege 15
    username xxxx password xxxx privilege 15
    http server enable
    http 0.0.0.0 0.0.0.0 outside
    http 0.0.0.0 0.0.0.0 inside
    http 0.0.0.0 0.0.0.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    telnet 0.0.0.0 0.0.0.0 inside
    telnet 0.0.0.0 0.0.0.0 management
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 60
    console timeout 0
    management-access management
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map global_policy
     class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    !
    service-policy global_policy global
    ssl encryption des-sha1 rc4-md5
    Cryptochecksum:xxxx
    : end

    Router#ssh -l cisco -c des 192.168.200.2
    Password:
    % Authentication failed.
    [Connection to 192.168.200.2 closed by foreign host]
    Router#

    You must specify the authentication method:

    aaa authentication ssh console LOCAL

    For example:

    ssh x.x.x.x x.x.x.x inside | outside, for increased security

    Hope this helps,

    THX

    Jay

  • LDAP on ASA with attribute-map

    Hi all

    I have problems setting up authentication of VPN clients against an LDAP server. The main problem is when the ASA needs to decide a group policy for non-compliant users.

    I use LDAP attribute maps in the ASA to map the memberOf attribute to the Cisco Group-Policy parameter, so I can associate the AD group that the user must belong to for VPN access with the right group policy. This method works correctly.

    But the problem is when the remote user is not in the correct AD group: I set a default-group-policy that does not give access to this type of user. After that, all users (authorized and unauthorized) fall into the same default group policy without VPN access.

    Here is the ASA configuration:

    ldap attribute-map LDAP
     map-name memberOf Group-Policy
     map-value memberOf "cn=ASA_VPN,ou=ASA_VPN,OU=my group,dc=xxx,dc=com" RemoteAccess

    aaa-server LDAP protocol ldap
    aaa-server LDAP (inside) host 10.0.0.3
     ldap-base-dn ou="My group",dc=xxx,dc=com
     ldap-scope subtree
     ldap-naming-attribute sAMAccountName
     ldap-login-password *
     ldap-login-dn cn=users,ou="My group",dc=xxx,dc=com
     server-type microsoft
     ldap-attribute-map LDAP

    group-policy NOACCESS internal
    group-policy NOACCESS attributes
     vpn-simultaneous-logins 0

    group-policy RemoteAccess internal
    group-policy RemoteAccess attributes
     dns-server value 10.0.0.3
     vpn-tunnel-protocol IPSec
     default-domain value xxx.com

    tunnel-group RemoteAccess type remote-access
    tunnel-group RemoteAccess general-attributes
     address-pool
     authentication-server-group LDAP
     default-group-policy NOACCESS
    tunnel-group RemoteAccess ipsec-attributes
     pre-shared-key *

    As you can see, I followed all the examples available on the web site to solve the problem, but I can't get a good result.

    Does anyone have a solution for this problem?

    Kind regards

    Guzmán

    Guzman,

    It should work without a doubt; given that the deny part already works well, a user who has the correct memberOf attribute should certainly be mapped to the allow-access policy and should therefore be allowed in.

    I considered a bug as well, but I had a quick look and see nothing matching, and if it were a bug in 8.2.3 I wouldn't expect you to be the first customer to discover it, so I'm still more inclined to think it's something in the config that we are overlooking (I know from experience a typo can sometimes be very difficult to spot).

    Could you get "debug aaa common 255" please, maybe that will tell us something.

    BTW, just to be sure: you don't have anything (such as vpn-simultaneous-logins) configured in the DfltGrpPolicy, do you? Just double check, since your allow-access policy would inherit that.

    Maybe another test: explicitly configure a nonzero value for this parameter in the allow-access policy, i.e.

    group-policy <allow-access policy name> attributes

    vpn-simultaneous-logins 10

    Herbert

  • High packet drop count on ASA5510 inside interface

    We have experienced some problems with occasional VPN client connections. In investigating, we used the mtr utility to trace from the LAN side to an external host. First-hop (from the host to the ASA) packet loss seemed excessive, sometimes up to 50%. The only thing between the host and the ASA is a gigabit switch. A ping flood from the host to the same destinations shows 0% packet loss.

    Looking at the inside interface, the ASDM Interface Graph for packet drop count shows an almost constant 510-512 Kpackets dropped.

    What causes this? Can it be mitigated by reconfiguring the Auto/Auto interface to 1000/Full? Where can I start looking for the source of these packet drops, and is it real or some artifact of the ASA firmware?

    I read somewhere that Cisco recommends that the connection between the switch and the firewall be set to auto/auto.

    Here is a troubleshooting guide for interface errors on the ASA:

    https://supportforums.Cisco.com/docs/doc-12439

    Is the inside switch port healthy, without errors?

    Here is a troubleshooting guide for VPN problems. Check to see if there are any error logs on the client when they connect.

    If the problem can be replicated, check for errors in the ASA logs as well.

    http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a00807e0aca.shtml

    Remember to rate useful messages.

  • How to enable/upload packet capture on ASA5520

    I need to set up packet sniffing on the inside and outside interfaces of the ASA, for both directions. What is the syntax for the capture, and how do I save/copy the .pcap off the ASA? Also, how do you specify a random source port (gt 1023)?

    Here is my inside capture example:

    capture sip-trace interface inside match udp 10.1.0.1 xxx 207.1.1.1 detail

    In addition, can I run an inside and an outside capture at the same time?

    Thank you

    -Scott

    Scott,

    After setting up the capture,

    go to

    http://<pix ip address>/capture/sip-trace/pcap

    Make sure you have http enabled on the interface you are trying to access.

    Rate it if this helps!

    Gilbert
