Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Debugging on pix501/506

Debugging on pix501/506 12 years 9 months ago #14445

  • mikeb
  • mikeb's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 8
  • Thank you received: 0

We have a site-to-site VPN setup between 506 and 501. Some of the functions of our custom software are not working properly. I'd like to check whether the firewalls are dropping any pockets. I have access-list setup that open a few ports. I'd like to be able to see if any traffic comes in to any ports not open by access list. I'm new to Pix firewalls and not sure what I need to use in this case. Debug access-list or debug packet commands.


Debugging on pix501/506 12 years 9 months ago #14567


while writing acess list end it with " log " for example

access-list allow_ping permit icmp any any eq www log

by giving show access-list you can see the hit counts. While accessing that application check whether the hit count is increasing.
If the hit count is increasing the access list is blocking the application for that you have open the port in the access list.
  • Page:
  • 1
Time to create page: 0.092 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup