Download pdf - Cisco ASA Troubleshooting Commands _ Itsecworks

26/12/2014 CiscoASAtroubleshootingcommands|itsecworks

http://itsecworks.com/2013/09/18/ciscoasatroubleshootingcommands/#UptimeoftheVPNtunnels 1/37

RSS Subscribe:RSSfeeditsecworksItisallaboutsecurityandcoIhavealreadymet

CiscoASAtroubleshootingcommands

PostedonSeptember18,2013

5

i7Votes

Withmyrequirementsforanynetworkinglayer3securitydeviceIcollectedthebasiccommandsthatyouhavetoknoworyouwillnotbeabletomanageyourdevice.

1.0Checkthebasicsettingsandfirewallstates

CheckthesystemstatusCheckthehardwareperformanceChecktheHighAvailabilitystateCheckthesessiontableofthefirewall

2.0Checktheinterfacesettings

Checkthestate,speedandduplexityanIPoftheinterfacesChecktheARPTable

3.0ChecktheRoutingTable

Checkthematchingroute

4.0VPNTroubleshooting

ChangethetunnelstateCheckthetunnelstateCheckpacketcountersforthetunnel



ChecktheuptimeoftheVPNTunnels

5.0sniffertrace

6.0Viewloggingoncli

ConfigureloggingViewingthelogs

7.0Inspectionandaspdrop

8.0ThreatDetection(checkthetoptalkers)

9.0BackupandRestore

1.0Checkthebasicsettingsandfirewallstates

Checkthesystemstatus

Toseetheactualsoftwareversion,operationalmode,HA,etcandthesystemtime:

myfirewall/pri/act#showfirewallFirewallmode:Router

myfirewall/pri/act#showversion

CiscoAdaptiveSecurityApplianceSoftwareVersion9.1(1)DeviceManagerVersion7.1(1)52

CompiledonWed28Nov1210:38bybuildersSystemimagefileis"disk0:/asa911k8.bin"Configfileatbootwas"startupconfig"

myfirewallup218days1hourfailoverclusterup5years10days

Hardware:ASA5520,2048MBRAM,CPUPentium4Celeron2000MHz,InternalATACompactFlash,256MBBIOSFlashM50FW080@0xfff00000,1024KB



Encryptionhardwaredevice:CiscoASA55xxonboardaccelerator(revision0x0)Bootmicrocode:CN1000MCBOOT2.00SSL/IKEmicrocode:CNLiteMCSSLmPLUS2.03IPSecmicrocode:CNliteMCIPSECmMAIN2.08Numberofaccelerators:1

0:Ext:GigabitEthernet0/0:addressis001f.abcc.a8c6,irq91:Ext:GigabitEthernet0/1:addressis001f.abcc.a5e7,irq92:Ext:GigabitEthernet0/2:addressis001f.abcc.a5e8,irq93:Ext:GigabitEthernet0/3:addressis001f.abcc.a5e9,irq94:Ext:Management0/0:addressis001f.abcc.a5ea,irq115:Int:Notused:irq116:Int:Notused:irq5

Licensedfeaturesforthisplatform:MaximumPhysicalInterfaces:UnlimitedperpetualMaximumVLANs:150perpetualInsideHosts:UnlimitedperpetualFailover:Active/ActiveperpetualEncryptionDES:EnabledperpetualEncryption3DESAES:EnabledperpetualSecurityContexts:2perpetualGTP/GPRS:DisabledperpetualAnyConnectPremiumPeers:2perpetualAnyConnectEssentials:DisabledperpetualOtherVPNPeers:750perpetualTotalVPNPeers:750perpetualSharedLicense:DisabledperpetualAnyConnectforMobile:DisabledperpetualAnyConnectforCiscoVPNPhone:DisabledperpetualAdvancedEndpointAssessment:DisabledperpetualUCPhoneProxySessions:2perpetualTotalUCProxySessions:2perpetualBotnetTrafficFilter:DisabledperpetualIntercompanyMediaEngine:DisabledperpetualCluster:Disabledperpetual

ThisplatformhasanASA5520VPNPluslicense.

Failoverclusterlicensedfeaturesforthisplatform:MaximumPhysicalInterfaces:UnlimitedperpetualMaximumVLANs:150perpetualInsideHosts:UnlimitedperpetualFailover:Active/ActiveperpetualEncryptionDES:EnabledperpetualEncryption3DESAES:Enabledperpetual



SecurityContexts:4perpetualGTP/GPRS:DisabledperpetualAnyConnectPremiumPeers:4perpetualAnyConnectEssentials:DisabledperpetualOtherVPNPeers:750perpetualTotalVPNPeers:750perpetualSharedLicense:DisabledperpetualAnyConnectforMobile:DisabledperpetualAnyConnectforCiscoVPNPhone:DisabledperpetualAdvancedEndpointAssessment:DisabledperpetualUCPhoneProxySessions:4perpetualTotalUCProxySessions:4perpetualBotnetTrafficFilter:DisabledperpetualIntercompanyMediaEngine:DisabledperpetualCluster:Disabledperpetual

ThisplatformhasanASA5520VPNPluslicense.

SerialNumber:JMX4567L1DARunningPermanentActivationKey:0x650e67580x345sb6160x1233615a0xc234fca30x111e9982Configurationregisteris0x1Configurationlastmodifiedbyadminat10:41:22.791CEDTFriSep132013

Thefailoverstate.

myfirewall/pri/act(config)#shfailoverstate

StateLastFailureReasonDate/TimeThishostPrimaryActiveNoneOtherhostSecondaryStandbyReadyIfcFailure17:38:56CEDTJun102013dmz5:Failedinside:Failed

====ConfigurationState===SyncDoneSyncDoneSTANDBY====CommunicationState===Macset

Toseewhatthefirewallhasseensofar,thetrafficmixconserningtheenabledinspections:



myfirewall/pri/act(config)#shservicepolicy

Globalpolicy:Servicepolicy:global_policyClassmap:inspection_defaultInspect:dnspreset_dns_map,packet6206448,drop1493,resetdrop0,v6failclose0Inspect:ftp,packet0,drop0,resetdrop0,v6failclose0Inspect:netbios,packet285884,drop0,resetdrop0,v6failclose0Inspect:tftp,packet0,drop0,resetdrop0,v6failclose0Inspect:icmp,packet14657730,drop1226951,resetdrop0,v6failclose0Inspect:icmperror,packet10377,drop0,resetdrop0,v6failclose0Inspect:dcerpc,packet199070,drop0,resetdrop0,v6failclose0tcpproxy:bytesinbuffer0,bytesdropped0

Checkthehardwareperformance

Toseewhatisthestateofthecpuandthememory:

myfirewall/pri/act(config)#shcpuusageCPUutilizationfor5seconds=8%;1minute:9%;5minutes:9%myfirewall/pri/act(config)#myfirewall/pri/act(config)#myfirewall/pri/act(config)#shmemoryFreememory:1722679208bytes(80%)Usedmemory:424804440bytes(20%)Totalmemory:2147483648bytes(100%)

myfirewall/pri/act#showprocessescpuusagesortedPCThread5Sec1Min5MinProcess0x0827e7310x6e5d2d8c8.4%8.7%8.5%DispatchUnit0x0878d2de0x6e5bf2540.2%0.9%0.4%ARPThread0x090b01550x6e5b7fb40.2%0.2%0.1%ssh0x08785b0e0x6e5bf4600.0%0.0%0.0%IPThread0x081735b40x6e5c56a00.0%0.0%0.0%CTMmessagehandler0x08cdd5cc0x6e5c25800.0%0.0%0.0%update_cpu_usage0x084e29360x6e5c04c00.0%0.0%0.0%fover_health_monitoring_thread0x0935c8320x6e5bc9640.0%0.0%0.0%vpnfol_thread_timer0x080596a40x6e5d31a40.0%0.0%0.0%block_diag0x08854a740x6e5d29740.0%0.0%0.0%WebVPNKCDProcess0x084c6b6d0x6e5d27680.0%0.0%0.0%CFOIR



0x08eafaec0x6e5d255c0.0%0.0%0.0%lina_int0x0807209d0x6e5d1f380.0%0.0%0.0%ReloadControlThread0x080863690x6e5d1d2c0.0%0.0%0.0%aaa0x0916ad6d0x6e5d1b200.0%0.0%0.0%UserFromCertThread0x0916ad6d0x6e5d19140.0%0.0%0.0%aaa_shim_thread0x080bae3c0x6e5d14fc0.0%0.0%0.0%CMGRServerProcess0x080bd4ad0x6e5d12f00.0%0.0%0.0%CMGRTimerProcess0x0816d4550x6e5d049c0.0%0.0%0.0%CTMDaemon0x081df2c50x6e5d02900.0%0.0%0.0%SXPCORE0x081d70410x6e5d00840.0%0.0%0.0%RBMCORE0x081cde3c0x6e5cfe780.0%0.0%0.0%cts_task0x081cf2ed0x6e5cfc6c0.0%0.0%0.0%cts_timer_task0x0827c8040x6e5cf43c0.0%0.0%0.0%dbgtrace0x0856b1940x6e5cec0c0.0%0.0%0.0%557mcfix0x0856b1260x6e5cea000.0%0.0%0.0%557statspoll...

myfirewall/pri/act#showprocessesinternals

InvokedGiveupsMax_RuntimeProcess100.025block_diag1926681692192668169232.679DispatchUnit376883600.189WebVPNKCDProcess100.012CFOIR100.001lina_int100.003ReloadControlThread3743052337050.135aaa1041.427UserFromCertThread64630.104aaa_shim_thread200.009CMGRServerProcess200.008CMGRTimerProcess100.001CTMDaemon6200.044SXPCORE...

myfirewall/pri/act(config)#shperfmon

PERFMONSTATS:CurrentAverageXlates0/s0/sConnections0/s0/sTCPConns0/s0/sUDPConns0/s0/sURLAccess0/s0/sURLServerReq0/s0/sTCPFixup0/s0/sTCPInterceptEstablishedConns0/s0/s



TCPInterceptAttempts0/s0/sTCPEmbryonicConnsTimeout0/s0/sHTTPFixup0/s0/sFTPFixup0/s0/sAAAAuthen0/s0/sAAAAuthor0/s0/sAAAAccount0/s0/s

VALIDCONNSRATEinTCPINTERCEPT:CurrentAverageN/A100.00%

ChecktheHighAvailabilitystate

togettheHighAvailabilitystateinfowithshowfailovercommand:

myfirewall/pri/act(config)#showfailover?

execmodecommands/options:descriptorShowfailoverinterfacedescriptors.Twonumbersareshownforeachinterface.Whenexchanginginformationregardingaparticularinterface,thisunitusesthefirstnumberinmessagesitsendstoitspeer.Anditexpectsthesecondnumberinmessagesitreceivesfromitspeer.Fortroubleshooting,collecttheshowoutputfrombothunitsandverifythatthenumbersmatch.execShowfailovercommandexecutioninformationhistoryShowfailoverswitchinghistoryinterfaceShowfailovercommandinterfaceinformationstateShowfailoverinternalstateinformationstatisticsShowfailovercommandinterfacestatisticsinformation|Outputmodifiers

Checkthefailoverstate:

myfirewall/pri/act(config)#showfailoverFailoverOnFailoverunitPrimaryFailoverLANInterface:failoverGigabitEthernet0/2(up)UnitPollfrequency1seconds,holdtime15seconds



InterfacePollfrequency5seconds,holdtime25secondsInterfacePolicy1MonitoredInterfaces3of160maximumVersion:Ours9.1(1),Mate9.1(1)LastFailoverat:07:31:49CESTFeb122013Thishost:PrimaryActiveActivetime:18841674(sec)slot0:ASA5520hw/swrev(2.0/9.1(1))status(UpSys)Interfacedmz5(192.168.36.1):Normal(Monitored)Interfacedmz6(192.168.47.1):Normal(NotMonitored)Interfaceinside(172.24.3.5):Normal(Monitored)Interfaceoob(192.168.99.1):Normal(Monitored)Interfacemanagement(0.0.0.0):NoLink(NotMonitored)slot1:emptyOtherhost:SecondaryStandbyReadyActivetime:0(sec)slot0:ASA5520hw/swrev(2.0/9.1(1))status(UpSys)Interfacedmz5(192.168.36.2):Normal(Monitored)Interfacedmz6(192.168.47.2):Normal(NotMonitored)Interfaceinside(172.24.3.6):Normal(Monitored)Interfaceoob(192.168.99.2):Normal(Monitored)Interfacemanagement(0.0.0.0):Normal(NotMonitored)slot1:empty

StatefulFailoverLogicalUpdateStatisticsLink:failoverGigabitEthernet0/2(up)StatefulObjxmitxerrrcvrerrGeneral372747905024530730syscmd2452421024524150uptime0000RPCservices0000TCPconn1275302000UDPconn177064010360ARPtbl35100728406210Xlate_Timeout0000IPv6NDtbl0000VPNIKEv1SA0000VPNIKEv1P20000VPNIKEv2SA0000VPNIKEv2P20000VPNCTCPupd0000VPNSDIupd0000VPNDHCPupd0000SIPSession0000RouteSession306520000UserIdentity5010



CTSSGTNAME0000CTSPAC0000TrustSecSXP0000IPv6Route0000

LogicalUpdateQueueInformationCurMaxTotalRecvQ:0882453116XmitQ:029381560801

myfirewall/pri/act(config)#showfailoverinterfaceinterfacefailoverGigabitEthernet0/2SystemIPAddress:192.168.92.109255.255.255.252MyIPAddress:192.168.92.109OtherIPAddress:192.168.92.110

myfirewall/pri/act(config)#showfailoverdescriptordmz5send:000200000e000000receive:000200000e000000dmz6send:0002000041000000receive:0002000041000000insidesend:0002010064000000receive:0002010064000000oobsend:00020300ffff0000receive:00020300ffff0000managementsend:01010000ffff0000receive:01010000ffff0000

myfirewall/pri/act(config)#showfailoverhistory==========================================================================FromStateToStateReason==========================================================================07:30:59CESTFeb122013NotDetectedNegotiationNoError

07:31:03CESTFeb122013NegotiationColdStandbyDetectedanActivemate

07:31:05CESTFeb122013ColdStandbySyncConfigDetectedanActivemate

07:31:15CESTFeb122013SyncConfigSyncFileSystemDetectedanActivemate

07:31:15CESTFeb122013SyncFileSystemBulkSyncDetectedanActivemate

07:31:29CESTFeb122013BulkSyncStandbyReadyDetectedanActivemate



07:31:49CESTFeb122013StandbyReadyJustActiveHELLOnotheardfrommate

07:31:49CESTFeb122013JustActiveActiveDrainHELLOnotheardfrommate

07:31:49CESTFeb122013ActiveDrainActiveApplyingConfigHELLOnotheardfrommate

07:31:49CESTFeb122013ActiveApplyingConfigActiveConfigAppliedHELLOnotheardfrommate

07:31:49CESTFeb122013ActiveConfigAppliedActiveHELLOnotheardfrommate

==========================================================================

myfirewall/pri/act(config)#showfailoverstate

StateLastFailureReasonDate/TimeThishostPrimaryActiveNoneOtherhostSecondaryStandbyReadyIfcFailure17:38:56CEDTJun102013dmz5:Failedinside:Failed

====ConfigurationState===SyncDoneSyncDoneSTANDBY====CommunicationState===Macset

myfirewall/pri/act(config)#showfailoverstatisticstx:384585696rx:29127977

Checkthefailoverconfiguration:



myfirewall/pri/act(config)#shrunallfailoverfailoverfailoverlanunitprimaryfailoverlaninterfacefailoverGigabitEthernet0/2failoverpolltimeunit1holdtime15failoverpolltimeinterface5holdtime25failoverinterfacepolicy1failoverlinkfailoverGigabitEthernet0/2failoverinterfaceipfailover192.168.92.109255.255.255.252standby192.168.92.110

Checkthesessiontableofthefirewall

Withclassmapyoucansetthemaximumsessionforaspecifictrafficorgenerallywithany:

myfirewall(config)#classmapCONNSmyfirewall(configcmap)#matchanymyfirewall(configcmap)#policymapCONNSmyfirewall(configpmap)#classCONNSmyfirewall(configpmapc)#setconnectionconnmax1000embryonicconnmax3000

Thevaluesfromthesessiontableofthefirewall(themaxagainsttheusedifconfigured):



myfirewall/pri/act(config)#showconn?

execmodecommands/options:addressEnterthiskeywordtospecifyIPaddressallEnterthiskeywordtoshowconnsincludingtotheboxandfromtheboxcountEnterthiskeywordtoshowconncountonlydetailEnterthiskeywordtoshowconnindetaillongEnterthiskeywordtoshowconninlongformatportEnterthiskeywordtospecifyportprotocolEnterthiskeywordtospecifyconnprotocolscansafeEnterthiskeywordtoshowconnsbeingforwardedtoscansafeserversecuritygroupEnterthiskeywordtoshowsecuritygroupattributesinconnsstateEnterthiskeywordtospecifyconnstateuserEnterthiskeywordtospecifyconnuserusergroupEnterthiskeywordtospecifyconnusergroupuseridentityEnterthiskeywordtoshowusernames|Outputmodifiers

myfirewall/pri/act(config)#showconncount77inuse,1013mostused

myfirewall/pri/act(config)#showconnstate?

execmodecommands/options:WORDEnteranynumberofthefollowingconnstatesusing','asseparator:upfininfinouthttp_getsmtp_datanojavadata_indata_outsunrpch225h323sqlnet_fixup_dataconn_inboundsipmgcpctiqbeskinnyservice_modulestubtcp_embryonicvpn_orphanmyfirewall/pri/act(config)#showconnstateup80inuse,1013mostusedTCPdmz5192.168.38.250:4634inside172.24.1.2:54320,idle0:02:29,bytes12905,flagsUIOBTCPdmz5192.168.38.250:4633inside172.24.1.2:135,idle0:02:29,bytes684,flagsUIOBTCPdmz6192.168.47.8:80dmz5192.168.37.227:55335,idle0:00:00,bytes1618307080,flagsUIOBTCPdmz6192.168.47.10:80dmz5192.168.37.227:65521,idle0:00:00,bytes61797243,flagsUIOBTCPdmz6192.168.47.11:80dmz5192.168.37.227:55339,idle0:00:00,bytes3811666664,flagsUIOBTCPdmz5192.168.36.251:80inside172.31.229.68:62940,idle0:00:00,bytes335503,flagsUIOTCPdmz5192.168.36.251:80inside172.24.162.217:57429,idle0:00:00,bytes474510,flagsUIOTCPdmz5192.168.38.250:23757inside172.24.3.38:1165,idle0:00:00,bytes59747307,flagsUIOTCPdmz5192.168.38.250:3389inside192.168.252.66:4042,idle0:00:48,bytes337870,flagsUIOTCPdmz5192.168.38.250:23757inside172.24.3.40:63433,idle0:00:00,bytes93168991,flagsUIO

Youcanfiltertothesessionthatyoulookingfor(example):



myfirewall/pri/act(config)#showconnlongaddress192.168.47.1074inuse,1013mostusedFlags:AawaitinginsideACKtoSYN,aawaitingoutsideACKtoSYN,BinitialSYNfromoutside,bTCPstatebypassornailed,CCTIQBEmedia,cclustercentralized,DDNS,ddump,Eoutsidebackconnection,FoutsideFIN,finsideFIN,Ggroup,gMGCP,HH.323,hH.225.0,Iinbounddata,iincomplete,JGTP,jGTPdata,KGTPt3responsekSkinnymedia,MSMTPdata,mSIPmedia,nGUPOoutbounddata,Pinsidebackconnection,pPhoneproxyTFTPconnection,qSQL*Netdata,RoutsideacknowledgedFIN,RUDPSUNRPC,rinsideacknowledgedFIN,SawaitinginsideSYN,sawaitingoutsideSYN,TSIP,tSIPtransient,Uup,VVPNorphan,WWAAS,Xinspectedbyservicemodule,xpersession,Ydirectorstubflow,ybackupstubflow,ZScansaferedirection,zforwardingstubflowTCPdmz6:192.168.47.10/80(192.168.47.10/80)dmz5:192.168.37.227/65521(192.168.37.227/65521),flagsUIOB,idle0s,uptime20D23h,timeout1h0m,bytes478172338

Checkthetrafficoninterfaces,thepacketandbytecounters.



myfirewall/pri/act(config)#showtrafficdmz5:received(in1661754.406secs):14637140684packets673671106797bytes8001pkts/sec405002bytes/sectransmitted(in1661754.406secs):38728179279packets53732439765301bytes23000pkts/sec32334000bytes/sec1minuteinputrate1382pkts/sec,67193bytes/sec1minuteoutputrate3546pkts/sec,4923809bytes/sec1minutedroprate,0pkts/sec5minuteinputrate1375pkts/sec,67887bytes/sec5minuteoutputrate3589pkts/sec,4994000bytes/sec5minutedroprate,0pkts/secdmz6:received(in1661754.416secs):38627911784packets53724170049557bytes23002pkts/sec32329000bytes/sectransmitted(in1661754.416secs):14299138045packets572124451016bytes8000pkts/sec344002bytes/sec1minuteinputrate3535pkts/sec,4923119bytes/sec1minuteoutputrate1354pkts/sec,54206bytes/sec1minutedroprate,0pkts/sec5minuteinputrate3577pkts/sec,4993200bytes/sec5minuteoutputrate1345pkts/sec,53821bytes/sec5minutedroprate,0pkts/secinside:received(in1661754.416secs):826826503packets60669330026bytes1pkts/sec36000bytes/sectransmitted(in1661754.416secs):245271895packets109518736779bytes0pkts/sec65000bytes/sec1minuteinputrate44pkts/sec,2772bytes/sec1minuteoutputrate25pkts/sec,13180bytes/sec1minutedroprate,21pkts/sec5minuteinputrate45pkts/sec,2829bytes/sec5minuteoutputrate28pkts/sec,14443bytes/sec5minutedroprate,21pkts/sec

Checkthetimeoutvaluesinthefirewall:



myfirewall2/pri/act#shruntimeouttimeoutxlate3:00:00timeoutconn1:00:00halfclosed0:10:00udp0:02:00icmp0:00:02timeoutsunrpc0:10:00h3230:05:00h2251:00:00mgcp0:05:00mgcppat0:05:00timeoutsip0:30:00sip_media0:02:00sipinvite0:03:00sipdisconnect0:02:00timeoutsipprovisionalmedia0:02:00uauth0:05:00absolutetimeouttcpproxyreassembly0:01:00timeoutfloatingconn0:00:00

2.0Checktheinterfacesettings

Checkthestate,speedandduplexityanIPoftheinterfaces

Showtherunningconfigonlyfortheinterfaceswithipaddress:

myfirewall/pri/act(config)#shrunipaddress!interfaceGigabitEthernet0/0.14vlan14nameifdmz5securitylevel0ipaddress192.168.36.1255.255.252.0standby192.168.36.2!interfaceGigabitEthernet0/0.65vlan65nameifdmz6securitylevel0ipaddress192.168.47.1255.255.255.0standby192.168.47.2!interfaceGigabitEthernet0/1.100vlan100nameifinsidesecuritylevel100ipaddress192.168.3.5255.255.248.0standby172.24.3.6

Showipaddressandsecuritylevelonly:



myfirewall2/pri/act#shipSystemIPAddresses:InterfaceNameIPaddressSubnetmaskMethodPortchannel1.1001dmz15.5.5.5255.255.255.192CONFIGPortchannel2Failover192.168.92.13255.255.255.252unsetPortchannel4.721inside172.17.131.151255.255.255.0CONFIGCurrentIPAddresses:InterfaceNameIPaddressSubnetmaskMethodPortchannel1.1001dmz15.5.5.5255.255.255.192CONFIGPortchannel2Failover192.168.92.13255.255.255.252unsetPortchannel4.721inside172.17.131.151255.255.255.0CONFIG

myfirewall2/pri/act#shnameifInterfaceNameSecurityManagement0/0management100Portchannel1.1001dmz10Portchannel4.721inside100

ChecktheMACandthestateoftheinterfaces.Thenameoftheinterfaceintheexamplebelowisinternal.

Hereyoucanseefollowingintheoutput

InterfacenameMACLinkstateSpeedDuplexMTUPacketandBytecountersErrors



myfirewall/pri/act#showinterfaceInterfaceGigabitEthernet0/0"",isup,lineprotocolisupHardwareisi82546GBrev03,BW1000Mbps,DLY10usecAutoDuplex(Fullduplex),AutoSpeed(1000Mbps)Inputflowcontrolisunsupported,outputflowcontrolisoffAvailablebutnotconfiguredvianameifMACaddress001f.abcc.a5e6,MTUnotsetIPaddressunassigned53280934440packetsinput,55671972432495bytes,0nobufferReceived167625118broadcasts,0runts,0giants0inputerrors,0CRC,0frame,0overrun,0ignored,0abort0pauseinput,0resumeinput0L2decodedrops53043155385packetsoutput,55516746848674bytes,0underruns0pauseoutput,0resumeoutput0outputerrors,0collisions,2interfaceresets0latecollisions,0deferred0inputresetdrops,0outputresetdrops,0txhangsinputqueue(blocksfreecurr/low):hardware(255/230)outputqueue(blocksfreecurr/low):hardware(255/122)InterfaceGigabitEthernet0/0.14"dmz5",isup,lineprotocolisupHardwareisi82546GBrev03,BW1000Mbps,DLY10usecVLANidentifier14Description:dmz5MACaddress001f.abcc.a5e6,MTU1500IPaddress192.168.36.1,subnetmask255.255.252.0TrafficStatisticsfor"dmz5":14641601950packetsinput,673897945554bytes38739676247packetsoutput,53748403391129bytes51923927packetsdroppedInterfaceGigabitEthernet0/0.65"dmz6",isup,lineprotocolisupHardwareisi82546GBrev03,BW1000Mbps,DLY10usecVLANidentifier65Description:dmz6MACaddress001f.abcc.a5e6,MTU1500IPaddress192.168.47.1,subnetmask255.255.255.0TrafficStatisticsfor"dmz6":38639332463packetsinput,53740092462779bytes14303479193packetsoutput,572298134370bytes83451packetsdropped

ChecktheARPTable



ThiscontainsthepermanentandthedynamicARPentries

myfirewall/pri/act#showarpdmz5192.168.38.430020.4ab0.a59f0dmz5192.168.37.2262c27.d733.a9e20dmz5192.168.37.2362c27.d733.a89e0dmz5192.168.37.23578ac.c0b2.40660dmz5192.168.37.2400019.99ae.847c0dmz5192.168.39.2400019.9987.56760...

3.0ChecktheRoutingTable

Withtheshowrouteyoucanseetheactualroutingtablefromthefirewallwiththestatisandthedynamicroutesandthedirectlyconnectednetworks.

myfirewall/pri/act#showroute

Codes:Cconnected,Sstatic,IIGRP,RRIP,Mmobile,BBGPDEIGRP,EXEIGRPexternal,OOSPF,IAOSPFinterareaN1OSPFNSSAexternaltype1,N2OSPFNSSAexternaltype2E1OSPFexternaltype1,E2OSPFexternaltype2,EEGPiISIS,L1ISISlevel1,L2ISISlevel2,iaISISinterarea*candidatedefault,Uperuserstaticroute,oODRPperiodicdownloadedstaticroute

Gatewayoflastresortis172.24.2.2tonetwork0.0.0.0

C172.24.0.0255.255.248.0isdirectlyconnected,insideC192.168.99.0255.255.255.0isdirectlyconnected,oobC192.168.47.0255.255.255.0isdirectlyconnected,dmz6C192.168.92.108255.255.255.252isdirectlyconnected,failoverS*0.0.0.00.0.0.0[1/0]via172.24.2.2,insideC192.168.36.0255.255.252.0isdirectlyconnected,dmz5



Checkthematchingroute

Areyoulookingforaspecificrouteinabigdatabase?Noproblemusetheshowroutewithmoredetails:

myfirewall/pri/act#shrouteinside172.31.231.246

Codes:Cconnected,Sstatic,IIGRP,RRIP,Mmobile,BBGPDEIGRP,EXEIGRPexternal,OOSPF,IAOSPFinterareaN1OSPFNSSAexternaltype1,N2OSPFNSSAexternaltype2E1OSPFexternaltype1,E2OSPFexternaltype2,EEGPiISIS,L1ISISlevel1,L2ISISlevel2,iaISISinterarea*candidatedefault,Uperuserstaticroute,oODRPperiodicdownloadedstaticroute

Gatewayoflastresortis172.24.2.2tonetwork0.0.0.0

4.0VPNTroubleshooting

Themostsignificantpartforvpnisthetimeonthedevices.Thecheckthetimeusethefollowingcommand:

myfirewall/pri/act#showclock11:19:45.485CEDTWedSep182013

myfirewall/pri/act#showntpstatusClockissynchronized,stratum3,referenceis172.24.10.100nominalfreqis99.9984Hz,actualfreqis99.9968Hz,precisionis2**6referencetimeisd5e3ed1d.b0b7a760(11:13:01.690CEDTWedSep182013)clockoffsetis0.1998msec,rootdelayis18.55msecrootdispersionis36.01msec,peerdispersionis15.64msec

Changethetunnelstate



Bringupavpntunnelmanually.Notrafficrequired.

Shutdownavpntunnelmanually.

Alltunnels:myfirewall3/pri/act#clearcryptoisakmpsa

Onlyspecifictunnel:

myfirewall3/pri/act#clearipsecsapeer2.2.2.2myfirewall2/pri/act#clearcryikev1sa2.2.2.2

shutdownforlongertime:myfirewall2/pri/act(config)#nocryptomapl2lvpns10setpeer211.66.176.18

Checkthetunnelstate

IfthereisnoSAthatmeansthetunnelisdownanddoesnotwork.ToseeifthetunnelisupweneedtocheckifanySAexist.Toseeifthetunnelisupyoucanusetheshowcryptoisakmpsaorshowcryptoipsecsacommand.Tunnelstateisdown

Tunneldoesnotexistifthereisnooutputofthecommandsbelow:

myfirewall3/pri/act#shcryisakmpsa

TherearenoIKEv1SAs

TherearenoIKEv2SAs

myfirewall3/pri/act#showcryptoipsecsa

Therearenoipsecsas

Tunnelstateisup

Informationsfromtheoutputofthecommandbelow:



Informationsfromtheoutputofthecommandbelow:vpnpeersencryptedtraffic(sourceanddestination)trafficcountersforencryptedtrafficSPIforencryptanddecryptEncryptionmethod



myfirewall2/pri/act#showcryipssapeer3.3.3.3peeraddress:3.3.3.3Cryptomaptag:firmen,seqnum:22,localaddr:5.5.5.5

accesslisttunvossextendedpermitiphost172.19.212.10192.168.15.72255.255.255.248timerangeEndDec2035localident(addr/mask/prot/port):(172.19.212.10/255.255.255.255/0/0)remoteident(addr/mask/prot/port):(192.168.15.72/255.255.255.248/0/0)current_peer:3.3.3.3

#pktsencaps:26,#pktsencrypt:26,#pktsdigest:26#pktsdecaps:9,#pktsdecrypt:9,#pktsverify:9#pktscompressed:0,#pktsdecompressed:0#pktsnotcompressed:26,#pktscompfailed:0,#pktsdecompfailed:0#prefragsuccesses:0,#prefragfailures:0,#fragmentscreated:0#PMTUssent:0,#PMTUsrcvd:0,#decapsulatedfrgsneedingreassembly:0#senderrors:0,#recverrors:0

localcryptoendpt.:5.5.5.5/0,remotecryptoendpt.:3.3.3.3/0pathmtu1500,ipsecoverhead74,mediamtu1500currentoutboundspi:AB092E6Ecurrentinboundspi:910F4308

inboundespsas:spi:0x910F4308(2433696520)transform:espaes256espshahmacnocompressioninusesettings={L2L,Tunnel,PFSGroup2,}slot:0,conn_id:25923584,cryptomap:firmensatiming:remainingkeylifetime(kB/sec):(4373999/3360)IVsize:16bytesreplaydetectionsupport:YAntireplaybitmap:0x000000000x000003FFoutboundespsas:spi:0xAB092E6E(2869505646)transform:espaes256espshahmacnocompressioninusesettings={L2L,Tunnel,PFSGroup2,}slot:0,conn_id:25923584,cryptomap:firmensatiming:remainingkeylifetime(kB/sec):(4373997/3360)IVsize:16bytesreplaydetectionsupport:YAntireplaybitmap:0x000000000x00000001



Checkpacketcountersforthetunnel

Toseeiftheencryptionanddecryptionofthepackagesworksuse2ormoretimestheshowcryipsecsacommandandcomparethevalues.Onthesecondandthirdoutputsthecountershouldshowlargernumber.

Onthefollowingoutputthefirewallhas1activevpnpeer.

myfirewall2/pri/act#showvpnsessiondbl2l

SessionType:LANtoLAN

Connection:9.9.9.9Index:5671IPAddr:9.9.9.9Protocol:IKEv1IPsecEncryption:3DESHashing:MD5BytesTx:83496278BytesRx:420469160LoginTime:02:17:25CEDTWedSep182013Duration:12h:15m:49sConnection:3.3.3.3Index:6329IPAddr:3.3.3.3Protocol:IKEv1IPsecEncryption:AES256Hashing:SHA1BytesTx:6100BytesRx:5992LoginTime:14:26:13CEDTWedSep182013Duration:0h:07m:01s

ChecktheuptimeoftheVPNtunnels

UptimeforsitetositeVPN



asafirewall/pri/act#showvpnsessiondbl2l

SessionType:LANtoLAN

Connection:25.25.25.25Index:34872IPAddr:25.25.25.25Protocol:IKEv1IPsecEncryption:IKEv1:(1)AES256IPsec:(3)AES256Hashing:IKEv1:(1)SHA1IPsec:(3)SHA1BytesTx:73653504BytesRx:31342653LoginTime:01:15:18CESTThuNov282013Duration:12h:36m:51sConnection:dynvpntunnelIndex:34902IPAddr:35.35.35.35Protocol:IKEv1IPsecEncryption:IKEv1:(1)AES256IPsec:(1)AES256Hashing:IKEv1:(1)SHA1IPsec:(1)SHA1BytesTx:17679966BytesRx:2626429LoginTime:12:38:17CESTThuNov282013Duration:1h:13m:52s

SALifetimeforIKE/phase1/forsitetosite(lifetimeinseconds)

asafirewall/pri/act#showcryptoisasadetail

IKEv1SAs:

ActiveSA:4RekeySA:0(Atunnelwillreport1Activeand1RekeySAduringrekey)TotalIKESA:4

1IKEPeer:45.45.45.45Type:L2LRole:responderRekey:noState:AM_ACTIVEEncrypt:aes256Hash:SHAAuth:presharedLifetime:14400LifetimeRemaining:120392IKEPeer:55.55.55.55Type:L2LRole:responderRekey:noState:MM_ACTIVEEncrypt:3desHash:MD5Auth:presharedLifetime:14400LifetimeRemaining:12462



SALifetimesforinboundandoutboundespsas/phase2/forsitetosite(lifetimeinseconds)

asafirewall/pri/act#showcryptoipsecsa

interface:outside

Cryptomaptag:tunnel,seqnum:20,localaddr:46.46.46.46

accesslisttunacl1extendedpermitiphost10.10.10.11192.168.1.48255.255.255.240timerangeEndDec2035localident(addr/mask/prot/port):(10.10.10.11/255.255.255.255/0/0)remoteident(addr/mask/prot/port):(192.168.1.48/255.255.255.240/0/0)current_peer:13.13.13.13

#pktsencaps:38097,#pktsencrypt:38097,#pktsdigest:38097#pktsdecaps:34559,#pktsdecrypt:34559,#pktsverify:34559#pktscompressed:0,#pktsdecompressed:0#pktsnotcompressed:38097,#pktscompfailed:0,#pktsdecompfailed:0#prefragsuccesses:0,#prefragfailures:0,#fragmentscreated:0#PMTUssent:0,#PMTUsrcvd:0,#decapsulatedfrgsneedingreassembly:0#TFCrcvd:0,#TFCsent:0#ValidICMPErrorsrcvd:0,#InvalidICMPErrorsrcvd:0#senderrors:0,#recverrors:0

localcryptoendpt.:46.46.46.46/0,remotecryptoendpt.:13.13.13.13/0pathmtu1500,ipsecoverhead74(44),mediamtu1500PMTUtimeremaining(sec):0,DFpolicy:copydfICMPerrorvalidation:disabled,TFCpackets:disabledcurrentoutboundspi:22512A19currentinboundspi:8F46C331

inboundespsas:spi:0x8F46C331(2403779377)transform:espaes256espshahmacnocompressioninusesettings={L2L,Tunnel,IKEv1,}slot:0,conn_id:143024128,cryptomap:tunnelsatiming:remainingkeylifetime(kB/sec):(4371840/26381)IVsize:16bytesreplaydetectionsupport:YAntireplaybitmap:0xFFFFFFFF0xFFFFFFFFoutboundespsas:spi:0x22512A19(575744537)transform:espaes256espshahmacnocompressioninusesettings={L2L,Tunnel,IKEv1,}



slot:0,conn_id:143024128,cryptomap:tunnelsatiming:remainingkeylifetime(kB/sec):(4350795/26381)IVsize:16bytesreplaydetectionsupport:YAntireplaybitmap:0x000000000x00000001

Uptimeforoldvpnclient

asafirewall/pri/act#showvpnsessiondbraikev1ipsec

SessionType:IKEv1IPsec

Username:einsteina@vpntungrp1Index:3856AssignedIP:192.168.236.249PublicIP:37.209.44.113Protocol:IKEv1IPsecOverTCPLicense:OtherVPNEncryption:AES128Hashing:SHA1BytesTx:667580222BytesRx:195368751GroupPolicy:vpngrpp1TunnelGroup:vpndeolLoginTime:10:15:51CESTTueNov192013Duration:9d3h:37m:37sInactivity:0h:00m:00sNACResult:UnknownVLANMapping:N/AVLAN:none

Username:leonardo@vpntungrp2Index:12473AssignedIP:192.168.244.151PublicIP:145.253.227.158Protocol:IKEv1IPsecOverTCPLicense:OtherVPNEncryption:AES128Hashing:SHA1BytesTx:64670782BytesRx:49769295GroupPolicy:vpngrpp2TunnelGroup:vpnextrsaLoginTime:09:07:46CESTWedNov272013Duration:1d4h:45m:42s

Uptimefornewvpnclient(Anyconnect)



asafirewall/pri/act#shvpnsessiondbanyconnect

SessionType:AnyConnect

Username:beck@vpntungrp3Index:12579AssignedIP:192.168.236.194PublicIP:84.163.80.247Protocol:AnyConnectParentSSLTunnelLicense:AnyConnectEssentialsEncryption:3DESHashing:noneSHA1BytesTx:552426724BytesRx:264841827GroupPolicy:vpngrpp3TunnelGroup:DefaultWEBVPNGroupLoginTime:10:21:29CESTWedNov272013Duration:1d3h:44m:57sInactivity:0h:00m:00sNACResult:UnknownVLANMapping:N/AVLAN:none

Username:baromarcu@vpntungrp3Index:13405AssignedIP:192.168.238.212PublicIP:91.14.67.250Protocol:AnyConnectParentSSLTunnelLicense:AnyConnectEssentialsEncryption:3DESHashing:noneSHA1BytesTx:376838398BytesRx:153802768GroupPolicy:vpngrpp3TunnelGroup:DefaultWEBVPNGroupLoginTime:07:22:24CESTThuNov282013Duration:6h:44m:02sInactivity:0h:00m:00sNACResult:UnknownVLANMapping:N/AVLAN:none

5.0sniffertrace

Thebasiccommandiscapture,afterthatyouhavetodefinetheinterface*(orthekeywordany):raisethepacketlenghttoahighervalue,ifyouneedthepayloadfromthepackets!

myfirewall2/pri/act#capturecapturenamepacketlength1600matchtcphost2.2.2.2anyeq443myfirewall2/pri/act#myfirewall2/pri/act#shcapcapturecapturenametyperawdata[Capturing0bytes]matchtcphost2.2.2.2anyeqhttps



youcanyouaccesslistformoredetailedtraffic

Toexportthesniffertracetoapcapfileusethecommand:

myfirewall2/pri/act#copy/pcapcapture:tftp

Sourcecapturename[]?capturename

Addressornameofremotehost[]?3.3.3.3

Destinationfilename[capturename]?capturename.pcap!!!!myfirewall2/pri/act#

6.0Viewloggingoncli

Thebuffersizeislimitedandifthebufferisfulltheoldlogswillbeoverwritten.Tocheckyourlogsettingsissuethefollowing:

myfirewall3/pri/act#shrunloggingloggingenableloggingtimestamploggingbufferedalertsloggingtraperrorsloggingasdmdebuggingloggingmailalertsloggingfromaddressfirewall@mycompany.comloggingrecipientaddressnetwork@mycompany.comlevelalertslogginghostfwtrans172.24.2.218logginghostfwtrans172.24.2.219loggingpermithostdown

Configurelogging



Importantcommandsarethe:

loggingenableloggingtimestamplogginghostfwtrans172.24.2.218loggingtraperrors

Savethelogsfrombuffertofileandafteryoucancopyittoyourtftpserver.

myfirewall3/pri/act#loggingsavelogmylogsmyfirewall3/pri/act#cdsyslogmyfirewall3/pri/act#dir

Directoryofdisk0:/syslog/

113rwx288014:41:18Sep182013mylogs

255426560bytestotal(181706752bytesfree)

Viewingthelogs

Tooseethebufferlogsissue:

myfirewall3/pri/act#showlogging

7.0Inspectionandaspdrop

Thesecommandsshouldbeissuedmultipletimestoseewhichcounteractuallyincreases,thatcanleadtoaproblem.Issuingthecommandjustoncehasnottoomuchsence,sincewedonotknowsincewhenthecountersshowtheactualvalues.



myfirewall/pri/act#shservicepolicysetconnectiondetail

Interfacegermany:Servicepolicy:voicehttpmapClassmap:voicehttpmapSetconnectionpolicy:drop0Setconnectionadvancedoptions:maxmsssizeRetransmissiondrops:0TCPchecksumdrops:0ExceededMSSdrops:0SYNwithdatadrops:0InvalidACKdrops:0SYNACKwithdatadrops:0Outoforder(OoO)packets:0OoOnobufferdrops:0OoObuffertimeoutdrops:0SEQpastwindowdrops:208Reservedbitcleared:0Reservedbitdrops:0IPTTLmodified:0Urgentflagcleared:0Windowvariedresets:0TCPoptions:SelectiveACKcleared:0Timestampcleared:0Windowscalecleared:0Otheroptionscleared:0Otheroptionsdrops:0

myfirewall/pri/act#shaspdropflowInspectionfailure(inspectfail)14616790SSLhandshakefailed(sslhandshakefailed)85SSLreceivedclosealert(sslreceivedclosealert)40

Lastclearing:Never



myfirewall/pri/act#shaspdropframeFlowisbeingfreed(flowbeingfreed)121InvalidTCPLength(invalidtcphdrlength)1Novalidadjacency(noadjacency)36Reversepathverifyfailed(rpfviolated)6990253Flowisdeniedbyconfiguredrule(acldrop)864778803Flowdeniedduetoresourcelimitation(unabletocreateflow)1374FirstTCPpacketnotSYN(tcpnotsyn)471046343BadTCPflags(badtcpflags)46770TCPdatasendafterFIN(tcpdatapastfin)128TCPfailed3wayhandshake(tcp3whsfailed)1560684TCPRST/FINoutoforder(tcprstfinooo)30625519TCPSEQinSYN/SYNACKinvalid(tcpseqsyndiff)9582TCPSYNACKonestablishedconn(tcpsynackooo)8770TCPpacketSEQpastwindow(tcpseqpastwin)77478TCPinvalidACK(tcpinvalidack)53427TCPACKin3wayhandshakeinvalid(tcpdiscardedooo)5710TCPOutofOrderpacketbufferfull(tcpbufferfull)1TCPOutofOrderpacketbuffertimeout(tcpbuffertimeout)5541TCPRST/SYNinwindow(tcprstsyninwin)326943TCPdupofpacketinOutofOrderqueue(tcpdupinqueue)769TCPpacketfailedPAWStest(tcppawsfail)1530Expiredflow(flowexpired)284ICMPInspectbadicmpcode(inspecticmpbadcode)300ICMPInspectseqnumnotmatched(inspecticmpseqnumnotmatched)633646ICMPErrorInspectnoexistingconn(inspecticmperrornoexistingconn)1869DNSInspectinvalidpacket(inspectdnsinvalidpak)35DNSInspectinvaliddomainlabel(inspectdnsinvaliddomainlabel)628DNSInspectpackettoolong(inspectdnspaktoolong)5044504DNSInspectidnotmatched(inspectdnsidnotmatched)1589860Unabletoobtainconnectionlock(connectionlock)13Interfaceisdown(interfacedown)35RMconnectionlimitreached(rmconnlimit)136021Droppedpendingpacketsinaclosedsocket(npsocketclosed)27886

Lastclearing:Never

8.0ThreatDetection(checkthetoptalkers)

threatdetectionconfigurationexample:



myfirewall/pri/act(config)#shrunthreatdetectionthreatdetectionbasicthreatthreatdetectionstatisticshostthreatdetectionstatisticsportthreatdetectionstatisticsprotocolthreatdetectionstatisticsaccesslistnothreatdetectionstatisticstcpintercept

showcommandsthreatdetection:

ThiscommandIFactivatedcangiveusreallyusefulbasicinformationaboutnetworkflows,passingthroughthefirewall.Orifwehaveaperformanceproblemwithourinternetconnection,wecanseewhoownscurrentlytheline(whosheadmustbeundertheguillotine.)

myfirewall/pri/act#shthreatdetectionstatisticstop?

accesslistEnterthiskeywordtodisplaytopNaccessliststatisticshostEnterthiskeywordtodisplaytopNhoststatisticsportprotocolEnterthiskeywordtodisplaytopNportstatisticsrate1EnterthiskeywordtodisplaytopN'sfirstratestatisticsrate2EnterthiskeywordtodisplaytopN'ssecondratestatisticsrate3EnterthiskeywordtodisplaytopN'sthirdratestatisticstcpinterceptShowstatisticsinformationfortcpintercept|Outputmodifiers

anexamplewithportandprotocol

myfirewall/pri/act#shthreatdetectionstatisticstopportprotocolTopNameIdAverage(eps)Current(eps)TriggerTotalevents0minSentattack:0minRecvattack:01DNS532972355227100178330802LDAP389639474254938364503HTTP80162152140669766804NetBIOSName13716019380319623905HTTPS44313185112427901306Port8191655351089735136497407XMPPSSLUno522348102242888408SNMPTRAP16246465053727859



09SYSLOG514363297732199510MSDS/SMB445304045220180301hourSentbyte:01HTTP80251942992493983809069947756302MSDS/SMB4458260884822510202973918408503Port81916553570385431022739502533875794904LDAP389233418923479300840308106005MicrosoftSQL1433137377411969090494558655806HTTPS443131814412587450474531975607HTTPAlternat80805208895660880187520297708DNS534307054520660155054019409Port77807780264564258684095243199110Port338033802304151209608294975911hourSentpkts:01MSDS/SMB4454057141786014605720602HTTP80226122295708140640603Port81916553588341137903180497904HTTPS443252827770910158905LDAP389195619540704185406MicrosoftSQL1433172315270620490307Port1351356795720244522908HTTPAlternat80804144470149329809DNS533933870141823310ICMP*1281365010126091hourRecvbyte:01MSDS/SMB4458241588830837002966971740002HTTP803148829467587101133578473303Port8191655352908739264437501047146069604Port205520552926142815890105341385205SYSLOG514269208323164096915122506HTTPS443266550283114095958236207MicrosoftSQL1433200255173645072091935208LDAP389149348149286053765392509SMTP2588919104011032011188510Port135135762516381402745070441hourRecvpkts:01MSDS/SMB4454012041355014443360502HTTP80160281711505770348603Port8191655357853893302827338004MicrosoftSQL1433144112810518867705LDAP389132913390478581106HTTPS4439889210355983107Port1351356945880249851008SYSLOG5142923550105192109HTTPAlternat8080272289098130710DNS532522510909608



andthetoptalkerslistforhosts:

myfirewall/pri/act(config)#shthreatdetectionstatisticstophostTopNameIdAverage(eps)Current(eps)TriggerTotalevents20minSentattack:01145.45.45.226110601621369702145.45.45.2429956571129703145.45.45.2327040045917304145.45.45.23464533096789005192.168.135.146678214753606145.45.45.211576109602407145.45.45.2104419756520908172.31.4.41218262009172.16.2.2241120222471010.10.123.2115204820minRecvattack:01192.168.135.136331977427802172.16.28.6120239803172.31.241.99110216004145.45.45.21110830157505192.168.133.1911131912930610.16.200.271017125607172.26.30.20000100408172.16.1.100021690309172.16.22.110013827131010.10.123.2007983653...

7.0BackupandRestore

Backupcommandwithtftpserver:



myfirewall3/pri/act#copyrunningconfigtftp

Sourcefilename[runningconfig]?

Addressornameofremotehost[]?3.3.3.3

Destinationfilename[runningconfig]?Cryptochecksum:ee921f66a8586880f2d4fc17c76933b2

Formoreinforeadmypost:MigrateCiscoASAconfiguration,certificatesandprivatekeysThatsallfolks!

Tagged:CiscoASA,commands,troubleshootingPostedin:ASA(http://itsecworks.com/category/security/cisco/asa/),Cisco(http://itsecworks.com/category/security/cisco/),Security(http://itsecworks.com/category/security/),Troubleshootings(http://itsecworks.com/category/security/cisco/asa/troubleshootings/)5ResponsesCiscoASAtroubleshootingcommands1.

Krish

September19,2013

1

0

iRateThis

Veryusefulforbasictroubleshooting..

Reply

About these ads (http://wordpress.com/about-these-ads/)



itsecworks

September19,2013

1

0

iRateThis

Yes,onlyforbasictroubleshooting:)therestwillbepostedsoon:)

Reply

2.akesh

February22,2014

1

0

iRateThis

GoodStuff..Canyoualsotrytopostabitmorecomplextroubleshooting..thankyou

Reply

itsecworks

February22,2014

0

0

iRateThis

Feelfreetosuggestanditwillbeaddedtothispost.



Reply

3.Bhumika

November3,2014

0

0

iRateThis

Ifoundthisdocumentveryuseful.allbasiccommandsatoneplace

Reply

BlogatWordPress.com.TheInuitTypesTheme. Follow

Followitsecworks

BuildawebsitewithWordPress.com