Cisco Support Community

Packet Display on IPS

First post ever, maybe my question is so obvious ... but I'm really stuck:

The question is about the diversion of traffic in the ASA towards the IPS.

On the IPS I can issue a "packet display gig0/0", nice to see packets floating around :-)

But when I do this on the backplane interface I see nothing happening.

Maybe this is simple: you can't issue the command on the backplane, but what about this traffic diverting thing?

Here you can see my settings (nearly exactly those from the manuals):

ciscoasa# sh running-config access-list
access-list alles extended permit icmp any any log critical
access-list alles extended permit ip any any log critical

ciscoasa# sh running-config access-group
access-group alles in interface mgmt
access-group alles out interface mgmt
access-group alles in interface e0/0
access-group alles out interface e0/0

ciscoasa# sh running-config class-map
class-map ip_class_map
match access-list alles

ciscoasa# sh running-config policy-map
policy-map ips_policy_map
class ip_class_map
ips promiscuous fail-open

ciscoasa# sh running-config service-policy
service-policy ips_policy_map global

Cisco Adaptive Security Appliance Software Version 7.1(1) (5510)

Cisco Intrusion Prevention System, Version 5.1(1)S205.0

asa-sensor# packet display gigabitEthernet0/1
Warning: This command will cause significant performance degradation
tcpdump: WARNING: ge0_1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ge0_1, link-type EN10MB (Ethernet), capture size 65535 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel

The biggest problem maybe:

ciscoasa# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list alles; 2 elements
access-list alles line 1 extended permit icmp any any log critical interval 300 (hitcnt=0) 0x1209f4e5
access-list alles line 2 extended permit ip any any log critical interval 300 (hitcnt=0) 0xa247179c

I just can't see any hits on the implied ACLs.

Any ideas?

TIA
