Debug in PIX

Unanswered Question
May 26th, 2009

Hi,

Intially we used the PIX IOS 6.3 were we will use the command to debug some IP from outside and inside

example

debug packet inside src 10.180.1.1

debug packet ouside dst 80.1.X.X

but right now we upgraded the IOS to 7.2 how i can issue the same command to see the debug for the specfic ip

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
darkbeatzz Tue, 05/26/2009 - 07:42

use Capture.

Its a fantastic new tool introduced in 7.0

basically you create and acl

capture the acl

sh capture

ASA Capture Feature

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1

ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.

ciscoasa#show capture inside_interface

1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request

!--- The user IP address is 192.168.1.50.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml

http://security-planet.de/2005/07/26/cisco-pix-capturing-traffic/

HTH

Actions

This Discussion