Cisco ASA Series ASDM Configuration Guide, 7.0
Troubleshooting


This chapter describes how to troubleshoot the ASA and includes the following sections:

Configuring and Running Captures with the Packet Capture Wizard

Configuring and Running Captures with the Packet Capture Wizard

You can use the Packet Capture Wizard to configure and run captures for troubleshooting errors. The captures can use access lists to limit the type of traffic captured, the source and destination addresses and ports, and one or more interfaces. The wizard runs one capture on each of the ingress and egress interfaces. You can save the captures on your PC to examine them in a packet analyzer.


Note This tool does not support clientless SSL VPN capture.


To configure and run captures, perform the following steps:


Step 1 In the main ASDM application window, choose Wizards > Packet Capture Wizard.

The Overview of Packet Capture screen appears, with a list of the tasks that the wizard guides you through. Those tasks include the following:

Selecting an ingress interface.

Selecting an egress interface.

Setting the buffer parameters.

Running the captures.

Saving the captures to your PC (optional).

Step 2 Click Next.

In a clustering environment, the Cluster Option screen appears. Go to Step 3.


Note For more information about clustering, see Chapter 10 "Configuring a Cluster of ASAs."


In a non-clustering environment, the Ingress Traffic Selector screen appears. Go to Step 4.

Step 3 In the Cluster Option screen, choose one of the following options for running a capture: This device only or The whole cluster, then click Next.

Step 4 Choose the ingress interface from the drop-down list.

Step 5 In the Packet Match Criteria area, do one of the following:

To specify the access list to use for matching packets, click the Specify access-list radio button, and then choose the access list from the Select access list drop-down list. To add a previously configured access list to the current drop-down list, click Manage to display the ACL Manager pane. Choose an access list, and click OK.

To specify packet parameters, click the Specify Packet Parameters radio button.

Step 6 Click Next to display the Ingress Traffic Selector screen. For more information, see the "Ingress Traffic Selector" section.

Step 7 Enter the source host IP address and choose the network IP address from the drop-down list.

Step 8 Enter the destination host IP address and choose the network IP address from the drop-down list.

Step 9 Choose the protocol type to capture from the drop-down list. Available protocol types to capture are ah, eigrp, esp, gre, icmp, icmp6, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, snp, tcp, or udp.

Step 10 Click Next to display the Egress Traffic Selector screen. For more information, see the "Egress Traffic Selector" section.

Step 11 Choose the egress interface from the drop-down list.

Step 12 Enter the source host IP address and choose the network IP address from the drop-down list.

Step 13 Enter the destination host IP address and choose the network IP address from the drop-down list.


Note The source port services, destination port services, and ICMP type are read-only and are based on the choices that you made in the Ingress Traffic Selector screen.


Step 14 Click Next to display the Buffers & Captures screen. For more information, see the "Buffers" section.

Step 15 In the Capture Parameters area, to obtain the latest capture every 10 seconds automatically, check the Get capture every 10 seconds check box. By default, this capture uses the circular buffer.

Step 16 In the Buffer Parameters area, you specify the buffer size and packet size. The buffer size is the maximum amount of memory that the capture can use to store packets. The packet size is the longest packet that the capture can hold. We recommend that you use the longest packet size to capture as much information as possible.

a. Enter the packet size. The valid size ranges from 14 to 1522 bytes.

b. Enter the buffer size. The valid size ranges from 1534 to 33554432 bytes.

c. Check the Use circular buffer check box to store captured packets.


Note When you choose this setting, if all the buffer storage is used, the capture starts overwriting the oldest packets.


Step 17 Click Next to display the Summary screen, which shows the cluster options for all units in the cluster (if you are using clustering), traffic selectors, and buffer parameters that you have entered. For more information, see the "Summary" section.

Step 18 Click Next to display the Run Captures screen, and then click Start to begin capturing packets. Click Stop to end the capture. For more information, see the "Run Captures" section. If you are using clustering, go to Step 20.

Step 19 Click Get Capture Buffer to determine how much buffer space you have remaining. Click Clear Buffer on Device to remove the current content and allow room in the buffer to capture more packets.

Step 20 In a clustering environment, on the Run Captures screen, perform one or more of the following steps:

Click Get Cluster Capture Summary to view a summary of packet capture information for all units in the cluster, followed by packet capture information for each unit.

Click Get Capture Buffer to determine how much buffer space you have remaining in each unit of the cluster. The Capture Buffer from Device dialog box appears.

Click Clear Buffer on Device to remove the current content for one or all of the units in a cluster and allow room in the buffer to capture more packets.

Step 21 Click Save captures to display the Save Capture dialog box. You have the option of saving either the ingress capture, the egress capture, or both. For more information, see the "Save Captures" section.

Step 22 To save the ingress packet capture, click Save Ingress Capture to display the Save capture file dialog box. Specify the storage location on your PC, and click Save.

Step 23 Click Launch Network Sniffer Application to start the packet analysis application specified in Tools > Preferences for analyzing the ingress capture.

Step 24 To save the egress packet capture, click Save Egress Capture to display the Save capture file dialog box. Specify the storage location on your PC, and click Save.

Step 25 Click Launch Network Sniffer Application to start the packet analysis application specified in Tools > Preferences for analyzing the egress capture.

Step 26 Click Close, then click Finish to exit the wizard.


Ingress Traffic Selector

To configure the ingress interface, source and destination hosts or networks, and the protocol for packet capture, perform the following steps:


Step 1 Enter the ingress interface name.

Step 2 Enter the ingress source host and network.

Step 3 Enter the ingress destination host and network.

Step 4 Enter the protocol type to capture. Available protocols are ah, eigrp, esp, gre, icmp, icmp6, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, snp, tcp, or udp.

a. Enter the ICMP type for ICMP only. Available types include all, alternate address, conversion-error, echo, echo-reply, information-reply, information-request, mask-reply, mask-request, mobile-redirect, parameter-problem, redirect, router-advertisement, router-solicitation, source-quench, time-exceeded, timestamp-reply, timestamp-request, traceroute, or unreachable.

b. Specify the source and destination port services for the TCP and UDP protocols only. Available options include the following:

To include all services, choose All Services.

To include a service group, choose Service Groups.

To include a specific service, choose one of the following: aol, bgp, chargen, cifx, citrix-ica, ctiqbe, daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, hostname, http, https, ident, imap4, irc, kerberos, klogin, kshell, ldap, ldaps, login, lotusnotes, lpd, netbios-ssn, nntp, pcanywhere-data, pim-auto-rp, pop2, pop3, pptp, rsh, rtsp, sip, smtp, sqlnet, ssh, sunrpc, tacacs, talk, telnet, uucp, or whois.


Egress Traffic Selector

To configure the egress interface, source and destination hosts/networks, and source and destination port services for packet capture, perform the following steps:


Step 1 Enter the egress interface name.

Step 2 Enter the egress source host and network.

Step 3 Enter the egress destination host and network.

The protocol type selected during the ingress configuration is already listed.


Buffers

To configure the packet size, buffer size, and use of the circular buffer for packet capture, perform the following steps.


Step 1 Enter the longest packet that the capture can hold. Use the longest size available to capture as much information as possible.

Step 2 Enter the maximum amount of memory that the capture can use to store packets.

Step 3 Use the circular buffer to store packets. When the circular buffer has used all of the buffer storage, the capture will overwrite the oldest packets first.


Summary

The Summary screen shows the cluster options (if you are using clustering), traffic selectors, and the buffer parameters for the packet capture selected in the previous wizard screens.

Run Captures

To start and stop the capture session, view the capture buffer, launch a network analyzer application, save packet captures, and clear the buffer, perform the following steps:


Step 1 To begin the packet capture session on a selected interface, click Start.

Step 2 To stop the packet capture session on a selected interface, click Stop.

Step 3 To obtain a snapshot of the captured packets on the interface, click Get Capture Buffer.

Step 4 To show the capture buffer on the ingress interface, click Ingress.

Step 5 To show the capture buffer on the egress interface, click Egress.

Step 6 To clear the buffer on the device, click Clear Buffer on Device.

Step 7 To start the packet analysis application for analyzing the ingress capture or the egress capture specified in Tools > Preferences, click Launch Network Sniffer Application.

Step 8 To save the ingress and egress captures in either ASCII or PCAP format, click Save Captures.


Save Captures

To save the ingress and egress packet captures to ASCII or PCAP file format for further packet analysis, perform the following steps:


Step 1 To save the capture buffer in ASCII format, click ASCII.

Step 2 To save the capture buffer in PCAP format, click PCAP.

Step 3 To specify a file in which to save the ingress packet capture, click Save ingress capture.

Step 4 To specify a file in which to save the egress packet capture, click Save egress capture.
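
Once both captures are saved in PCAP format, they can be compared offline to see which packets entered the ingress interface but never left the egress interface, and how many packets were cut short by the packet size setting. The following Python script is an added example, not part of the Cisco guide. It assumes classic libpcap files with Ethernet/IPv4 frames, no NAT between the two interfaces, and IP ID values that distinguish packets; the function names and the sample data are constructed for illustration.

```python
import socket
import struct

def read_pcap(data):
    """Yield (captured_len, original_len, frame) from a classic libpcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    offset = 24  # skip global header (magic, version, zone, sigfigs, snaplen, linktype)
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield incl_len, orig_len, data[offset:offset + incl_len]
        offset += incl_len

def ipv4_key(frame):
    """Return (src, dst, protocol, IP ID) for an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:34]
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            ip[9], struct.unpack_from("!H", ip, 4)[0])

def compare_captures(ingress, egress):
    """Return (keys seen on ingress but not egress, truncated ingress packet count)."""
    seen_out = {ipv4_key(frame) for _, _, frame in read_pcap(egress)}
    missing, truncated = [], 0
    for incl_len, orig_len, frame in read_pcap(ingress):
        if incl_len < orig_len:  # the packet size setting cut this packet short
            truncated += 1
        key = ipv4_key(frame)
        if key is not None and key not in seen_out:
            missing.append(key)
    return missing, truncated

def sample_pcap(ip_ids, snaplen, payload_len=100):
    """Constructed test data: IPv4 packets (protocol 6) from 10.1.1.5 to 10.2.2.9."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ip_id in ip_ids:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ip_id, 0,
                         64, 6, 0, bytes([10, 1, 1, 5]), bytes([10, 2, 2, 9]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len
        kept = frame[:snaplen]  # emulate a small packet size setting
        out += struct.pack("<IIII", 0, 0, len(kept), len(frame)) + kept
    return out

if __name__ == "__main__":
    ingress = sample_pcap([1, 2, 3], snaplen=68)   # constructed ingress capture
    egress = sample_pcap([1, 3], snaplen=1522)     # constructed egress capture
    print(compare_captures(ingress, egress))
```

To use it on real captures, read the two saved files in binary mode and pass their contents to `compare_captures`.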