Src_addr Specifies the source address for the packet trace. Available protocol type keywords are icmp, rawip, tcp or udp. Protocol Specifies the protocol type for the packet trace. Input src_int Specifies the source interface for the packet trace. Packet-tracer input protocol src_addr src_port dest_addr dest_port ĭefaults This command has no default settings.Ĭommand Modes The following table shows the modes in which you can enter the command:ġ-255 Specifies the IP protocol ID or next header range. To disable packet capture capabilities, use the no form of this command. Packet-tracerTo enable packet tracing capabilities for packet sniffing and network fault isolation, use the packet-tracer commandin privileged EXEC configuration mode. To set the nameif and security level issue following commands:ĪSA#configure terminal ASA(config)#interface GigabitEthernet0/0 ASA(config-if)# nameif outside ASA(config-if)# security-level 10 ASA(config-if)#ip address 192.168.202.201 255.255.255.21-1Cisco ASA 5500 Series Command ReferenceĬhapter 21 packet-tracer through pwd Commands packet-tracer You can think of it as a security zone thus give it the meaningful name as a best practice. The nameif is your custom name for particular logical interface.
So term “Traffic allowed from higher to lower interface” means: session that is initiated from higher to lower interface direction.
ASA “understands” sessions and treats packet flows as whole sessions. Term “traffic” means session being initiated. To change this behavior ACLs must be used. Traffic is denied from lower to higher security level by default. Traffic is allowed to pass from higher to lower security level interface by default. Security levels are numbered from 0 to 100. Technology: Network Security Area: Firewalls Vendor: Cisco Software: 8.X, 9.X Platform: Cisco ASAĮach logical ASA interface must have ip address, security-level and nameif configured to work.
0 kommentar(er)
