Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
5
Helpful
3
Replies

Pack Trace output

Go to solution
opnineopnine
Level 1
Level 1

‎11-14-2014 06:46 AM - edited ‎03-11-2019 10:04 PM

Please check my pack trace outpu, when you get a Phase 3 issue, how can I keep doing  the troubleshooting.?

 

thansk

 

Phase: 1
Type: FLOW-LOOKUP
Subtype: 
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         outside

Phase: 3
Type: ACCESS-LIST
Subtype: 
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:       
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎11-14-2014 07:02 AM

You need to allow the traffic in the ACL thats assigned to the interface where the traffic is entering the ASA. The "Implicit Rule" is always used when no other rule matches.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎11-14-2014 07:02 AM

You need to allow the traffic in the ACL thats assigned to the interface where the traffic is entering the ASA. The "Implicit Rule" is always used when no other rule matches.

0 Helpful

Go to solution
opnineopnine
Level 1
Level 1
In response to Karsten Iwen

‎11-17-2014 01:21 PM

Karsten

Look this output, where should I create the acls? Thanks.

 

 

Type: ACCESS-LIST
Subtype: 
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: FLOW-LOOKUP
Subtype: 
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   142.100.64.0    255.255.255.0   inside
              
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   172.18.3.23     255.255.255.255 outside

Phase: 5
Type: ACCESS-LIST
Subtype: 
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop  

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to opnineopnine

‎11-17-2014 01:43 PM

Always the interface where the initial traffic enters the ASA. Seems to be the outside interface in your case.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card