- 1 Some notes on working with Cisco ASA's
- 2 Commands on an asa 8.3 and above
- 2.1 object-groups
- 2.2 Capture packets (like linux tcpdump/ Solaris snoop)
- 2.3 packet tracer
Some notes on working with Cisco ASA's
Commands on an asa 8.3 and above
Make everything object groups! ok so not everything can be an object group things like access lists are access lists not object groups. Even if you just have one host or service make an object group for it it make it all much nicer honist!
show run object-group id DMZ-HOSTS object-group network DMZ-HOSTS network-object host 10.10.10.10 network-object host 10.10.10.11
The object-group network sub command is used for creating groups of network type objects.
The network-object command is used with the object-group command to define a host object, a network object, or a subnet object.
To create an member that is just one host use an ip address of dns name:
network-object host a.b.c.d network-object host host.name.tld
To create an member that is a sub net:
network-object a.b.c.d 255.255.255.0
To create an member that is a network object (created by the object network command)
network-object object object_network_name
port-object eq port-object range
Capture packets (like linux tcpdump/ Solaris snoop)
Start a Capture
# capture [name] interface [interface name] match [protical (ip/icmp/tcp/udp)] host [source host (x.x.x.x/any)] [Dest host (x.x.x.x/any)]
Stop the capture but keep the data
# no capture [name] interface [interface name]
# show capture [name]
Delete the capture
# no capture [name]
# capture SH interface extern match ip host 10.10.10.10 any
# show capt capture SH type raw-data [Capturing - 14486 bytes] match ip host 10.10.10.10 any
# show capture SH 71 packets captured 1: 16:47:19.884750 10.10.10.3.64216 > 10.10.10.10.53: udp 42 2: 16:47:19.885086 10.10.10.10.53 > 10.10.10.3.64216: udp 238 ...
# packet-tracer input [interface name] [protical (icmp/tcp/udp)] [source host (x.x.x.x)] [source port] [dest host (x.x.x.x)] [desk port] (detailed)
# packet-tracer input external tcp 10.10.10.3 64216 10.10.10.10 53 detailed