Cisco Support Community
Community Member

Trace traffic On 515 firewall

I would need help on how I can trace and capture traffic on the above firewall.

I need to prove to my IS guys that the firewall has no problems.

2 REPLIES
Silver

Re: Trace traffic On 515 firewall

What kind of traffic are you trying to trace? What is the problem that you are facing?

ICMP packet trace can be enabled by issuing a debug icmp trace command; to stop it, enter no debug icmp trace.

Cheers

Hoogen

Cisco Employee

Re: Trace traffic On 515 firewall

Following is the method to take captures on PIX:

Issue with communication between a client on inside interface and a server on outside interface.

Replace IP addresses appropriately-

access-list cpo permit ip host XSRC_IP host DST_IP

access-list cpo permit ip host DST_IP host XSRC_IP

capture capo access-list cpo buffer 2000000 packet-length 1518 interface outside

access-list cpi permit ip host SRC_IP host DST_IP

access-list cpi permit ip host DST_IP host SRC_IP

capture capi access-list cpi buffer 2000000 packet-length 1518 interface inside

SRC_IP : This is the original IP address of client from where request is being generated

XSRC_IP : This is the translated IP address of the inside client. IP address to which inside client is translated when going outbound.

DST_IP : This is the Destination IP address.

Alternatively, captures on both interfaces can be taken in a single capture file.

access-list cap permit ip host SRC_IP host DST_IP

access-list cap permit ip host DST_IP host SRC_IP

access-list cap permit ip host XSRC_IP host DST_IP

access-list cap permit ip host DST_IP host XSRC_IP

capture capio access-list cap buffer 2000000 packet-length 1518 interface outside interface inside

To download the captures:

Using a machine with PDM access-

https://interface_IP/capture/capo/pcap

--> save file as outside.cap

(Captures on outside interface)

https://interface_IP/capture/capi/pcap

--> save file as inside.cap

(Captures on inside interface)

https://interface_IP/capture/capio/pcap

--> save file as inout.cap

(Captures on inside and outside interface)

If PDM is not available, captures can be sent to a TFTP server using the following commands-

copy capture:capo tftp://x.x.x.x/outside.cap pcap

(Captures on outside interface of PIX, capture file will be saved as "outside.cap")

copy capture:capi tftp://x.x.x.x/inside.cap pcap

(Captures on outside interface of PIX, capture file will be saved as "inside.cap")

copy capture:capio tftp://x.x.x.x/inout.cap pcap

(Captures on inside and outside interface of PIX, capture file will be saved as "inout.cap")

x.x.x.x : IP address of TFTP server.

------

do not forget to rate this. :)
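
Once inside.cap and outside.cap have been downloaded as described in the reply above, the two files can be compared to show whether every packet that entered the inside interface also left on the outside. This is an added example, not part of the original reply: it assumes classic pcap files with Ethernet framing and that the IP ID survives address translation; the addresses, function names and sample captures are constructed for illustration.

```python
import socket
import struct

def parse_pcap(data):
    """Return (src, dst, proto, ip_id) per IPv4/Ethernet packet in a classic pcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    pkts, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:34]
        ip_id = struct.unpack("!H", ip[4:6])[0]
        pkts.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9], ip_id))
    return pkts

def missing_on_outside(inside, outside, src_ip, xsrc_ip):
    """Packets from src_ip in the inside capture with no translated copy on the outside."""
    # Assumption: the firewall rewrites the source address but preserves the IP ID.
    seen = {(dst, proto, ip_id) for s, dst, proto, ip_id in outside if s == xsrc_ip}
    return [p for p in inside if p[0] == src_ip and p[1:] not in seen]

def sample_frame(src, dst, ip_id, proto=6):
    """Constructed Ethernet + IPv4 header (no payload) for the sample captures."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def sample_pcap(frames):
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample data: three packets enter on the inside, two leave on the outside.
SRC, XSRC, DST = "10.1.1.10", "203.0.113.10", "198.51.100.20"
INSIDE_CAP = sample_pcap([sample_frame(SRC, DST, i) for i in (1, 2, 3)])
OUTSIDE_CAP = sample_pcap([sample_frame(XSRC, DST, i) for i in (1, 3)])

if __name__ == "__main__":
    for pkt in missing_on_outside(parse_pcap(INSIDE_CAP), parse_pcap(OUTSIDE_CAP), SRC, XSRC):
        print("seen on inside, not on outside:", pkt)
```

An empty result means every captured inside packet has a translated counterpart on the outside. On real traffic IP IDs can repeat or be zero, so treat a reported packet as a lead to confirm in the capture itself.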
