Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Debugging on pix501/506

Debugging on pix501/506 11 years 11 months ago #14445

  • mikeb
  • mikeb's Avatar
  • Offline
  • New Member
  • Posts: 8
  • Karma: 0

We have a site-to-site VPN setup between 506 and 501. Some of the functions of our custom software are not working properly. I'd like to check whether the firewalls are dropping any pockets. I have access-list setup that open a few ports. I'd like to be able to see if any traffic comes in to any ports not open by access list. I'm new to Pix firewalls and not sure what I need to use in this case. Debug access-list or debug packet commands.

The administrator has disabled public write access.

Debugging on pix501/506 11 years 11 months ago #14567

  • ramasamy
  • ramasamy's Avatar
  • Offline
  • Frequent Member
  • Posts: 67
  • Karma: 0

while writing acess list end it with " log " for example

access-list allow_ping permit icmp any any eq www log

by giving show access-list you can see the hit counts. While accessing that application check whether the hit count is increasing.
If the hit count is increasing the access list is blocking the application for that you have open the port in the access list.
The administrator has disabled public write access.
Time to create page: 0.117 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup