Difference between revisions of "Troubleshooting ASA Firewalls"
From Tech-Wiki
| Line 56: | Line 56: | ||
# show logging | # show logging | ||
| − | Packet- | + | Packet-tracer |
packet-tracer input interface_name tcp 1.1.1.1 1234 2.2.2.2 5678 | packet-tracer input interface_name tcp 1.1.1.1 1234 2.2.2.2 5678 | ||
Revision as of 22:10, 19 July 2018
Resource use
show cpu usage show cpu usage detailed show memory show blocks
Hardware and license information
show version show module all show mode
Connections and translations
show conn ! idle == no packets received for the last x seconds show perfmon show nat ! idle == last conn created was x seconds ago ! i-dynamic.timeout == will begin when the last conn is removed (3 hours) ! r-portmap.timeout == will begin when the last conn is removed (30 seconds) ! s-static.timeout == does not have show xlate show xlate detail show local-host
Drops
show service-policy show asp drop show logging
High availability
show failover
Interface information
show ip show nameif show traffic show route | inc 10.1.1.1
Debug
terminal monitor ! SSH sessions show arp debug icmp trace debug arp debug esmtp debug http
Logging
(config)# logging enable (config)# logging timestamp (config)# logging buffered debugging (config)# logging monitor debugging (config)# logging trap debugging (config)# logging buffer-size 65000 # show logging
Packet-tracer
packet-tracer input interface_name tcp 1.1.1.1 1234 2.2.2.2 5678
VPN
show crypto isakmp sa show crypto ipsec sa