Troubleshooting ASA Firewalls
From Tech-Wiki
Revision as of 17:21, 17 June 2019 by Fabricio.Lima
Resource use
show cpu usage
show cpu usage detailed
show memory
show blocks
Hardware and license information
show version
show module all
show mode
Connections and translations
show conn
! idle == no packets received for the last x seconds
show perfmon
show nat
! idle == last conn created was x seconds ago
! i-dynamic.timeout == will begin when the last conn is removed (3 hours)
! r-portmap.timeout == will begin when the last conn is removed (30 seconds)
! s-static.timeout == does not have
show xlate
show xlate detail
show local-host
Drops
show service-policy
show asp drop
show logging
Drop debug
capture test type asp-drop all circular-buffer
show cap test | include x.x.x.x
High availability
show failover
Interface information
show ip
show nameif
show traffic
show route | inc 10.1.1.1
Debug
terminal monitor ! SSH sessions
show arp
debug icmp trace
debug arp
debug esmtp
debug http
Logging
(config)# logging enable
(config)# logging timestamp
(config)# logging buffered debugging
(config)# logging monitor debugging
(config)# logging trap debugging
(config)# logging buffer-size 65000
# show logging
Packet tracer
packet-tracer input interface_name tcp 1.1.1.1 1234 2.2.2.2 5678
VPN
show crypto isakmp sa
show crypto ipsec sa