Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Debug in PIX

Hi,

Intially we used the PIX IOS 6.3 were we will use the command to debug some IP from outside and inside

example

debug packet inside src 10.180.1.1

debug packet ouside dst 80.1.X.X

but right now we upgraded the IOS to 7.2 how i can issue the same command to see the debug for the specfic ip

1 REPLY
New Member

Re: Debug in PIX

use Capture.

Its a fantastic new tool introduced in 7.0

basically you create and acl

capture the acl

sh capture

ASA Capture Feature

The administrator needs to create an access-list that defines what traffic the ASA needs to capture. After the access-list is defined, the capture command incorporates the access-list and applies it to an interface.

ciscoasa(config)#access-list inside_test permit icmp any host 192.168.1.1

ciscoasa(config)#capture inside_interface access-list inside_test interface inside

The user pings the inside interface of the ASA (ping 192.168.1.1). This output is displayed.

ciscoasa#show capture inside_interface

1: 13:04:06.284897 192.168.1.50 > 192.168.1.1: icmp: echo request

!--- The user IP address is 192.168.1.50.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml

http://security-planet.de/2005/07/26/cisco-pix-capturing-traffic/

HTH

218
Views
0
Helpful
1
Replies