I think most are missing the point of the original question. 

In Cisco's ASA, Packet tracer allows you to query traffic flow using the current ACL/Rules in place.

So, for argument's sake, say a user on 10.10.20.111 is trying to connect to 172.16.50.9 on port 443, but claims the firewall is blocking them. You can emulate that traffic. This is a vital tool for rule querying.

The command below would check whether the traffic is successful or dropped:

#packet-tracer input inside tcp 10.10.20.111 2222 172.16.50.9 443 detail

This is up to layer 4 of the OSI model, which gives good details on: known route/path, NAT and whether there is a supporting rule. If the packet gets dropped, there is good information which points out where and why it was dropped, which gives guidance on what needs to be added to resolve it.

I have found the monitor tab to be lacking when compared to packet trace.
