- David Galiata
I've found that people sometimes get nervous running debug commands as well as captures. There are horror stories where you run a debug command and the firewall just locks up.
I have been doing quite a bit of troubleshooting on site to site VPN tunnels and have had to get the some captures to confirm exactly what is happening.
Below is a sample command you can use to match the traffic that matches the host 18.104.22.168 which in my case is the VPN peer IP address.
capture cap1 interface outside match ip host 22.214.171.124 any
Once the capture is configured you can view the capture by running the following command:
show capture cap1
You should see some information similar to this:
2 packets captured 1: 04:12:10.428093 192.168.10.10.34327 > 10.94.0.51.15868: S 2669456341:2669456341(0) win 4128 <mss 536> Drop-reason: (acl-drop) Flow is denied by configured rule 2: 04:12:12.427330 192.168.10.10.34327 > 10.94.0.51.15868: S 2669456341:2669456341(0) win 4128 <mss 536> Drop-reason: (acl-drop) Flow is denied by configured rule 2 packets shown
After you view the capture and don't need it anymore, you can clear all the captures on the ASA with the following command:
clear capture /all