test security-policy-match command

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

test security-policy-match command

L1 Bithead

Trying to utilize the "test security-policy-match" command to accomplish what I normally accomplish on the Cisco ASA using the packet tracer. 

 

On the firewall
1- I have multiple interfaces configured with multiple zones/VR's

2- I need to test access to couple of destinations on a specific port

3- I am trying to use the any command in there but it returns an error

test security-policy-match protocol 6 from any to any destination 172.21.10.183 destination-port 8443

 

Is there a way for me to test that access outbound to the destination from all the zones or will I need to do them all one by one specifying the zone and then source IP?

 

I'm guessing I'll need to do it like this to get precise results

 

test security-policy-match protocol 6 from zone source #.#.#.# to zone destination 172.21.10.183 destination-port 8443

0 REPLIES 0
  • 1743 Views
  • 0 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!