Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
233
Views
3
Helpful
2
Replies

Capture Question

rod.blackie
Level 1
Level 1

‎02-03-2009 12:35 AM - edited ‎03-11-2019 07:45 AM

Gents,

<br />

<br />I have an intersting problem, my company is having timeout problems when accessing a particular web site - this site can be accessed through a standard ADSL conneciton. We have a PIX 515 OS 8.x at the front of our corporate network.

<br />

<br />My question is this:

<br />

<br />How can I capture the return http packet information on the outside interface, bearing in mind that the connection has already been established via the ACL on the inside interface.

<br />

<br />I need to try and establish if the original syn packet has recieved an syn-ack reply.

<br />

<br />Thanks

<br />

<br />Rod

Labels:
0 Helpful
2 Replies 2

celiocarreto
Level 1
Level 1

‎02-03-2009 12:55 AM

Hi,

if you know the destination ip, then create an adequate ACL and capture on outside interface.

For example: webserver - 1.1.1.1

access-list test permit ip any host 1.1.1.1

access-list test permit ip host 1.1.1.1 any

capture test access-list test interface outside [trace detail]

Regards, Celio

rod.blackie
Level 1
Level 1
In response to celiocarreto

‎02-03-2009 01:30 AM

Hi Celio,

I have got the information I require by carrying out the sh conn command, however the site I am havinf problems with is showing a saA flag - I understand that this flag indicates that the PIX is awaiting a response, does this mean that there could be an conflict with the web server IP address and one of the pix security features????

thanks

rod

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card