Debugging on pix501/506

18 years 6 months ago #14445 by mikeb
Hello.

We have a site-to-site VPN set up between a 506 and a 501. Some of the functions of our custom software are not working properly. I'd like to check whether the firewalls are dropping any packets. I have an access list set up that opens a few ports. I'd like to be able to see if any traffic comes in to any ports not opened by the access list. I'm new to PIX firewalls and not sure what I need to use in this case: the debug access-list or debug packet commands.

Thanks.
18 years 6 months ago #14567 by ramasamy
Replied by ramasamy on topic Debugging on pix501/506
Hi,

While writing the access list, end it with "log", for example:

access-list allow_ping permit icmp any any log

By running show access-list you can see the hit counts. While accessing the application, check whether the hit count is increasing.
If the hit count is increasing, the access list is blocking the application; for that you have to open the port in the access list.
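
The hit-count check described in the reply above, as an added example that is not part of the original thread: it compares two saved copies of show access-list output, taken before and after exercising the application, and reports which entries were hit in between. The ACL name acl_in, the addresses, the explicit deny entry and the exact output layout are constructed assumptions.

```python
import re

# Matches PIX-style "show access-list" entry lines (layout assumed), e.g.
#   access-list acl_in line 2 permit tcp any host 192.0.2.10 eq www (hitcnt=7)
ENTRY = re.compile(r"^access-list\s+(\S+)\s+line\s+(\d+)\s+(.*?)\s+\(hitcnt=(\d+)\)\s*$")

def parse_hitcounts(show_output):
    """Return {(acl_name, line_no): (rule_text, hitcnt)} for every entry line."""
    entries = {}
    for raw in show_output.splitlines():
        m = ENTRY.match(raw.strip())
        if m:  # header lines such as "access-list acl_in; 3 elements" do not match
            name, line_no, rule, hits = m.groups()
            entries[(name, int(line_no))] = (rule, int(hits))
    return entries

def changed_entries(before, after):
    """List (acl, line, rule, delta) for entries whose hit count rose between snapshots."""
    old, new = parse_hitcounts(before), parse_hitcounts(after)
    result = []
    for key in sorted(new):
        rule, hits = new[key]
        prev_rule, prev_hits = old.get(key, (rule, 0))
        if prev_rule != rule:
            prev_hits = 0  # ACL was edited between snapshots, so count from zero
        if hits > prev_hits:
            result.append((key[0], key[1], rule, hits - prev_hits))
    return result

# Constructed sample snapshots (not from the thread), taken before and after
# running the application across the VPN.
BEFORE = """\
access-list acl_in; 3 elements
access-list acl_in line 1 permit tcp any host 192.0.2.10 eq www log (hitcnt=12)
access-list acl_in line 2 permit tcp any host 192.0.2.10 eq 1433 log (hitcnt=0)
access-list acl_in line 3 deny ip any any log (hitcnt=4)
"""
AFTER = """\
access-list acl_in; 3 elements
access-list acl_in line 1 permit tcp any host 192.0.2.10 eq www log (hitcnt=15)
access-list acl_in line 2 permit tcp any host 192.0.2.10 eq 1433 log (hitcnt=0)
access-list acl_in line 3 deny ip any any log (hitcnt=9)
"""

if __name__ == "__main__":
    for acl, line_no, rule, delta in changed_entries(BEFORE, AFTER):
        print(f"{acl} line {line_no}: +{delta}  {rule}")
```

Each reported entry still has to be read as a permit or a deny rule to tell whether the counted packets were passed or dropped.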