Hi All
I thought it may be a good idea to start a thread where people can share
some of the handy commands, generally show or debug but could be anything
relating to CCIE Security, that they use regularly and make their life a
lot easier.
So I'll start with one of mine for the ASA:
ASA1# show service-policy flow
Used for an ASA much like the "packet-tracer" command to define a packet by
source and destination IP/Port to check what service policies are impacting
on such a packet. Here is an example:
    ASA1# show service-policy flow tcp host 136.1.122.200 host 136.1.122.100 eq 80

    Global policy:
      Service-policy: global_policy
        Class-map: class-default
          Match: any
          Action:
            Output flow:

    Interface outside:
      Service-policy: outside
        Class-map: HTTP-outside
          Match: access-list http-outside
            Access rule: permit tcp any host 136.1.122.100 eq www
          Action:
            Input flow: inspect http HTTP-MAP
            Input flow: set connection conn-max 100 embryonic-conn-max 500
        Class-map: class-default
          Match: any
          Action:
            Output flow:

    Interface inside:
      Service-policy: INSIDE
        Class-map: class-default
          Match: any
          Action:
            Output flow:
I find this can be a handy command to check and confirm that your service
policies are being applied as you would hope for the traffic you define.
Thanks
Ben
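
Added example, not part of the original post: a small Python parser that turns the "show service-policy flow" output quoted above into one record per class-map, so a saved capture can be checked for the actions you expect on a given flow. The function names parse_flow and missing_actions are hypothetical, and the line keywords are assumed from the output in the post; other ASA releases may format it differently.

```python
# Constructed input: the output quoted in the post ("Interface inside" omitted).
SAMPLE = """\
Global policy:
Service-policy: global_policy
Class-map: class-default
Match: any
Action:
Output flow:
Interface outside:
Service-policy: outside
Class-map: HTTP-outside
Match: access-list http-outside
Access rule: permit tcp any host 136.1.122.100 eq www
Action:
Input flow: inspect http HTTP-MAP
Input flow: set connection conn-max 100 embryonic-conn-max 500
Class-map: class-default
Match: any
Action:
Output flow:
"""

def parse_flow(output):
    """Return one dict per class-map: scope, policy, class_map, match, actions."""
    entries, scope, policy, cur = [], None, None, None
    for line in (l.strip() for l in output.splitlines()):
        key, _, value = (p.strip() for p in line.partition(":"))
        if line == "Global policy:":
            scope = "global"
        elif line.startswith("Interface ") and not value:
            scope = key[len("Interface "):]
        elif key == "Service-policy":
            policy = value
        elif key == "Class-map":
            cur = dict(scope=scope, policy=policy, class_map=value, match=[], actions=[])
            entries.append(cur)
        elif cur and key in ("Match", "Access rule"):
            cur["match"].append(value)
        elif cur and key in ("Input flow", "Output flow") and value:
            # An empty "Output flow:" means no action in that direction; skip it.
            cur["actions"].append((key.split()[0].lower(), value))
    return entries

def missing_actions(entries, scope, class_map, expected):
    """Expected action substrings that the named class-map does not apply."""
    got = [a for e in entries if (e["scope"], e["class_map"]) == (scope, class_map)
           for _, a in e["actions"]]
    return [x for x in expected if not any(x in a for a in got)]
```

Class-maps that match the flow but carry no action (class-default in the sample) come back with an empty actions list, which makes it easy to spot a policy that matches but does nothing.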