The Packet Trace utility in ASDM graphically shows the steps taken by a packet from a dummy source IP to an actual destination. To open the Packet Trace utility, navigate to Configuration in the upper left, then select Firewall in the lower left. Open the Access Rules section in the left-hand bar. Right-click on the Access Rule that determines access to the destination IP and select Packet Trace.
The packet trace utility allows the user to select the interface (usually OUTSIDE in order to test external access), the packet type, and the source and destination IP addresses. The destination should be the target IP, and the source can be any external IP.
See below for an example of an ICMP packet trace to the external IP of an ASAv:
The packet trace tool can be used to diagnose Access Rule issues involving packets being denied or traffic being routed incorrectly. If the packet is denied, the denial will be listed under RESULT, along with the step at which the denial took place (NAT, Access Rule, VPN, etc.).
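
The same check can be scripted against the text form of a trace. The following is an added example, not part of the original page or of any Cisco tooling. It assumes the plain-text layout printed by the ASA CLI `packet-tracer` command, and the sample trace, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample, modeled on the text the ASA CLI `packet-tracer` command
# prints (assumed layout; the address is from a documentation range).
SAMPLE_TRACE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.0.2.1 using egress ifc inside

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
input-interface: OUTSIDE
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_trace(text):
    """Return (phases, summary): per-phase dicts and the final RESULT block."""
    phases, summary = [], {}
    # Blocks are separated by blank lines; each starts with "Phase:" or "Result:".
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^([A-Za-z-]+):[ \t]*(.*)$", block, re.M))
        if block.startswith("Phase:"):
            phases.append({"phase": int(fields["Phase"]), "type": fields["Type"],
                           "result": fields["Result"].strip()})
        elif block.startswith("Result:"):
            summary = {k.lower(): v.strip() for k, v in fields.items() if k != "Result"}
    return phases, summary

def first_denial(text):
    """Name the step that dropped the packet, or None if it was allowed."""
    phases, summary = parse_trace(text)
    if summary.get("action") != "drop":
        return None
    dropped = next((p for p in phases if p["result"] == "DROP"), None)
    return {"phase": dropped["phase"] if dropped else None,
            "type": dropped["type"] if dropped else None,
            "reason": summary.get("drop-reason")}
```

Run after each rule change, a script like this flags the step (NAT, Access Rule, VPN, etc.) that starts denying a flow that was previously allowed.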