Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Debugging an access list

Hello,

What are your methods of proving an access list is working if you only have the router to test from remotely.

We have a remote 3G router that I installed in another country that VPNs back to us and I don't have access to the devices on that LAN, but they say a port isn't open over the VPN.  My access lists look ok to me, but I want to try a telnet command like you would do from a PC to see if the port is open or a packet trace liek on an ASA.

Any ideas on what I could try as a ping works to the device which goes through the VNC so there is end to end connectivity?

Thanks

1 REPLY
New Member

Debugging an access list

Use theo show access list commands and verify that you are getting matches against your access list.

You can add log to the end of your access list and use syslog or the console to make sure traffic is being checked against your access list.

Use IP accounting (access-violation)

88
Views
0
Helpful
1
Replies
CreatePlease to create content