------------------------
1) check status:
show version
show conn
show conn detail
show xlate
clear xlate
show int
show int ip brief
show ip
show localhost all
show mode
show nameif
show route
show route INTERFACE_NAME
2) check configuration:
! check RUNNING
show run
! check NAT
show run nat
show run static
show run global
! check OBJECTS
show run object-group
show run object-group | include OBJECT-NAME
show run object-group service
show run object-group service | include SERVICE
! check RULES
show run access-list
show run access-list | include ACCESS-LIST-NAME
show run access-group
! check INTERFACES/IP
show run ip
! check APPLICATION-INSPECTION
show run policy-map
show run service-policy
! check VPN
debug crypto ipsec
debug crypto isakmp
show crypto ipsec sa
show crypto isakmp sa detail
3) Packet Capture:
Inside: 192.168.1.254/24
Outside: 5.5.5.254/24
!
config t
no access-list capin
access-list capin permit ip host 192.168.1.100 host 5.5.5.100
capture capin access-list capin interface Inside
!
no access-list capout
access-list capout permit ip host 5.5.5.100 host 192.168.1.100
capture capout access-list capout interface Outside
!
clear cap capin
clear cap capout
!
show cap capin
show cap capout
!
-------------------------------------------
(to be continued...)