Troubleshoot an ASA Device Security Policy

Procedure


Step 1

In the left pane, click Security Devices.

Step 2

Select your ASA and view troubleshooting details in the Troubleshooting pane.

Step 3

In the pane, select the interface and packet type you want to send virtually through your ASA.

Step 4

(Optional) If you want to trace a packet where the security group tag value is embedded in the Layer 2 CMD header (TrustSec), check SGT number and enter the security group tag number, 0-65535.

Step 5

Specify the source and destination. You can specify IPv4 or IPv6 addresses, fully qualified domain names (FQDN), or security group names or tags if you use Cisco TrustSec. For the source address, you can also specify a username in the format Domain\username.

Step 6

Specify other protocol characteristics:

  • ICMP: Enter the ICMP type, ICMP code (0-255), and, optionally, the ICMP identifier.

  • TCP/UDP/SCTP: Enter the source and destination ports by selecting them from the list or entering a value in the port combo box.

  • IP: Enter the protocol number, 0-255.

Step 7

Click Run Packet Tracer.

Step 8

Continue with Analyze Packet Tracer Results.