How to debug ACE traffic through ACE

Unanswered Question
Mar 6th, 2007
User Badges:

I have the following test setup :

internet----ASA----ACE(a user context)---client.

I have some problems with icmp messages being dropped and some traffic that is not allowed.

How can i debug blocked traffic on the ACE ? I can't put a "log" entry on the end of an access-list rule neither can i debug ip traffic.

What should i do ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Roble Mumin Tue, 03/06/2007 - 03:21
User Badges:
  • Bronze, 100 points or more

You can capture packets on the ACE Context with "capture" and check them with a tool like wireshark.

If you have problems with icmp check if you're ACL on the client or server side vlan allows it.

You can also configure ICMP inspection if you dislike the behavior of traces from the server side to the outside.



This Discussion