Monday, September 21, 2015

Is The Packet Making It Through

I had this issue come up where the customer was saying something was wrong with the firewall.  I have several posts about configuring a packet capture on the ASA, so I wont go into the config of that.  But, below is what I did to prove that the ASA was ok.

Lets capture on the outside interface of the ASA to see if the packets are making it:
ASA# sh capture capin

5 packets captured

    1: 13:33:23.722023 45.45.156.128.35106 > 50.50.75.4.80: S 1746501894:1746501894(0) win 65535 <mss 1460,sackOK,timestamp 9024126 0,nop,wscale 6>
   2: 13:33:23.723763 45.45.156.128.35107 > 50.50.75.4.80: S 370354649:370354649(0) win 65535 <mss 1460,sackOK,timestamp 9024126 0,nop,wscale 6>
   3: 13:33:23.951794 45.45.156.128.35109 > 50.50.75.4.80: S 426922397:426922397(0) win 65535 <mss 1460,sackOK,timestamp 9024149 0,nop,wscale 6>
   4: 13:33:24.562043 45.45.156.128.35113 > 50.50.75.4.80: S 1385524340:1385524340(0) win 65535 <mss 1460,sackOK,timestamp 9024210 0,nop,wscale 6>
   5: 13:33:29.637296 45.45.156.128.35114 > 50.50.75.4.80: S 3644565852:3644565852(0) win 65535 <mss 1460,sackOK,timestamp 9024717 0,nop,wscale 6>
5 packets shown

Yeah, it looks like the packets are making it.  Now its time to capture on the inside interface of the ASA:
ASA# sh capture capin

4 packets captured

    1: 14:05:53.245623 45.45.156.128.35120 > 192.168.60.10.80: S 528608121:528608121(0) win 65535 <mss 1380,sackOK,timestamp 9219068 0,nop,wscale 6>
   2: 14:05:53.245882 45.45.156.128.35119 > 192.168.60.10.80: S 236186416:236186416(0) win 65535 <mss 1380,sackOK,timestamp 9219068 0,nop,wscale 6>
   3: 14:05:53.736076 45.45.156.128.35122 > 192.168.60.10.80: S 104826225:104826225(0) win 65535 <mss 1380,sackOK,timestamp 9219119 0,nop,wscale 6>
   4: 14:05:58.860688 45.45.156.128.35123 > 192.168.60.10.80: S 4140132663:4140132663(0) win 65535 <mss 1380,sackOK,timestamp 9219630 0,nop,wscale 6>
4 packets shown
ASA#

Can I ping the server from the ASA?  See below, it looks like I cant.
ASA# ping 192.168.60.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.60.10, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
ASA#

Posted by

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.

Subscribe to: Post Comments (Atom)