Re: [OSL | CCIE_Security] Packet tracer from out to in with multicontext

Wed, 04 Jul 2012 18:02:33 -0700 

Correct, 

Try with real traffic if it doesnt work, use NAT which is the second method 
that the firewall uses for packet classification, a regular self translation 
should do it. 

Mike 

Date: Wed, 4 Jul 2012 16:00:31 +0200
From: [email protected]
To: [email protected]
CC: [email protected]
Subject: Re: [OSL | CCIE_Security] Packet tracer from out to in with    
multicontext

Kings,

Packet Tracer is buggy in multiple context mode (some certain scenarios). Maybe 
they fixed it in > 8.2, but not 100% of that.

Regards,--
Piotr KaluznyCCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.URL: http://www.IPexpert.com




On Wed, Jul 4, 2012 at 3:49 PM, Fawad Khan <[email protected]> wrote:

How does the Nat control and statics look like?

On Wednesday, July 4, 2012, Kingsley Charles  wrote:


Typo, the dest port is 23...

On Wed, Jul 4, 2012 at 5:45 PM, Kingsley Charles <[email protected]> 
wrote:


Hi all

When I run packet tracer from out to in, I get the following O/P. Now the 
outside interface is shared between contexts but I have configured for mac 
address-auto. Traffic is passing without any issues.  





Thoughts please.

asa1/admin(config)# packet-tracer input outside tcp 20.10.30.40 1024 
10.20.30.40 23

Result:
input-interface: outside
input-status: up
input-line-status: up
Action: drop
Drop-reason: (ifc-classify) Virtual firewall classification failed






With regards
Kings





-- 
FNK


_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com



Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com



_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to