Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ingress interface in packet trace

Hi,

I was just curious to know what exactly qualifies as the input interface in a packet trace statement.

Eg. ASA has two interfaces, Local & Outside. If the requirement is to ping from node on Local interface to one on the outside, what interface should be used as input interface...Local Or Outside?

Does it take the first interface the traffic hits from the direction as the ingress or to the interface it is destined?

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

ingress interface in packet trace

Hi again,

The "input" interface is always the interface from which the packet is coming from.

So if you had "inside" and "outside" interfaces and you wanted to simulate a user behind the "inside" initiating a web browser connection to the Internet then the input interface would be "inside" since that is where the packet would be entering the ASA

packet-tracer input inside tcp

PS. I think I still havent answered some other discussion we had (traffic between network segments through ASA). Will try to have a look at it at some point. I have had something like 8 hours sleep in the span of 72 hours so I am pretty tired. Thanks to maintanance breaks

- Jouni

2 REPLIES
Super Bronze

ingress interface in packet trace

Hi again,

The "input" interface is always the interface from which the packet is coming from.

So if you had "inside" and "outside" interfaces and you wanted to simulate a user behind the "inside" initiating a web browser connection to the Internet then the input interface would be "inside" since that is where the packet would be entering the ASA

packet-tracer input inside tcp

PS. I think I still havent answered some other discussion we had (traffic between network segments through ASA). Will try to have a look at it at some point. I have had something like 8 hours sleep in the span of 72 hours so I am pretty tired. Thanks to maintanance breaks

- Jouni

Community Member

ingress interface in packet trace

Thanks Jouni.

I've already rated the other discussion as answered, i just followed your posts & tried this today. it works fine.

Thank you & truly appreciate your help.

Have a good sleep!

226
Views
0
Helpful
2
Replies
CreatePlease to create content