One of my favorite Cisco commands is the "packet-tracer" command of the Cisco ASA Firewall. Haven't you ever wanted to know if the ACL you just wrote will accomplish what you intended? And, how many times has somebody asked you, "Am I being blocked by the firewall?" Well, until now you just took an educated guess based on your running-config or looked in the log for their IP address while scratching your head. (You know I'm right, I know I'm right, heck we've all been there!)

Enough blabity blab, let's cut to the chase. I've been tasked with finding out if tcp port 88 (Kerberos) is allowed out of the network. Since I know the source port and the IP of my webserver I can start to walk through the "packet-tracer" command. (Let's pretend like we've never used the command.)

    input  Ingress interface on which to trace packet

    icmp   Enter this keyword if the trace packet is ICMP
    rawip  Enter this keyword if the trace packet is RAW IP
    tcp    Enter this keyword if the trace packet is TCP
    udp    Enter this keyword if the trace packet is UDP

    X:X:X:X::X  Enter the Source address if ipv6
    ASA1# packet-tracer input INSIDE tcp 10.10.10.10 ?
    ASA1# packet-tracer input INSIDE tcp 10.10.10.10 88 ?
    A.B.C.D  Enter the destination ipv4 address
    ASA1# packet-tracer input INSIDE tcp 10.10.10.10 88 155.155.155.155 3028
    access-group LAN_INCOMING in interface INSIDE
    access-list LAN_INCOMING extended permit tcp host 10.10.10.10 any
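To answer "Am I being blocked by the firewall?" from a saved packet-tracer run like the one walked through above, the Python below reads the trace text and reports the final action, the first phase that dropped the packet, and the ACL lines that matched. It is an added example, not code from the original post. The sample output is constructed, its Phase/Result/Action layout is an assumption about what the ASA prints, and `summarize_trace` is a hypothetical helper name.

```python
import re

# Constructed samples (not captured from a device). Assumed layout: "Phase:"
# blocks, then a final bare "Result:" block with the overall Action.
SAMPLE_ALLOW = """Phase: 1
Type: ACCESS-LIST
Result: ALLOW
Config:
access-group LAN_INCOMING in interface INSIDE
access-list LAN_INCOMING extended permit tcp host 10.10.10.10 any
Additional Information:

Result:
input-interface: INSIDE
Action: allow
"""
SAMPLE_DROP = """Phase: 1
Type: ACCESS-LIST
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: INSIDE
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def summarize_trace(text):
    """Final action, first dropping phase, and ACL lines that matched."""
    head, _, final = text.replace("\r\n", "\n").partition("\nResult:\n")
    phases = []
    for block in re.split(r"(?m)^(?=Phase: \d+$)", head):
        # Per-phase "Result: ALLOW" has a value; the final "Result:" is bare.
        fields = dict(re.findall(r"(?m)^(Phase|Type|Result): (.+)$", block))
        if "Phase" not in fields:
            continue
        cfg = re.search(r"(?ms)^Config:\n(.*?)^Additional Information:", block)
        fields["Config"] = cfg.group(1).strip().splitlines() if cfg else []
        phases.append(fields)
    action = re.search(r"(?m)^Action: (\w+)", final)
    reason = re.search(r"(?m)^Drop-reason: (.+)$", final)
    return {
        "action": action.group(1).lower() if action else "unknown",
        "drop_reason": reason.group(1) if reason else None,
        "dropped_in": next((p for p in phases if p.get("Result") == "DROP"), None),
        "acl_lines": [line for p in phases if p.get("Type") == "ACCESS-LIST"
                      for line in p["Config"]],
    }
```

An `action` of `unknown` means the text had no final `Action:` line, which is worth treating as a failed capture rather than as an allow.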