Sunday, January 7, 2007

Pix/ASA: Packet Tracer

This new feature is very useful for troubleshooting or verifying your configuration. It is available in both ASDM and the CLI.
Syntax:

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]

It is a good complement to the capture command when troubleshooting. To use it, you enter the source and destination IP addresses and ports, and packet-tracer provides detailed information on how the security appliance will process that packet. If the packet would fail, it also shows you why, based on your firewall's configuration.

Example from the command reference:
To enable packet tracing from inside host 10.2.25.3 to external host 209.165.202.158 with detailed information, enter the following:

hostname# packet-tracer input inside tcp 10.2.25.3 www 209.165.202.158 aol detailed

Learn more about the packet-tracer tool from the Quick Learning Module available from Cisco.
