FWSM: What source IP is hitting the inbound

s.srivas
Level 1

Can someone advise me of commands that will explicitly indicate if a source IP or subnet is arriving on an interface? (The source could be allowed or not allowed.)


Farrukh Haroon
VIP Alumni

Do you mean to capture the packets from a particular source once they reach the firewall, or do you want to know IF a packet with this specific source IP came, would it be allowed through?

For the first you have the capture command on the FWSM AFAIK. For the second command there is no 'automated' process on the FWSM. On the ASA/PIX there is! It's called the 'packet-tracer' command. On the FWSM you can just check the ACL applied on that interface manually.

Regards

Farrukh

Dear Farrukh,

Thanks for the reply. The capture command proved useful.

However, I would like to know how to display the details of currently active connections, such as source IP etc...

Hi,

Below is the URL that has some useful show commands to monitor the Pix/ASA. Even though the document talks about Pix/ASA, you could use the same commands to monitor the FWSM as well.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

Regards,

Arul

*Pls rate if it helps*

You can use the 'show connection' command for this purpose. It also has some optional keywords like 'detailed' etc.

You can also download an evaluation of fireplotter (fireplotter.com) to get a nice filterable GUI.

Regards

Farrukh
