Scribd
Upload
7 views9 pages

Asa

Uploaded by

gowthamfree1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
7 views9 pages

Asa

Uploaded by

gowthamfree1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 9

User Access Verification

Username: admin
Password: ************
User admin logged in to ciscoasa
Logins over the last 41 days: 2. Last login: 15:57:54 IST Aug 5 2025 from
10.4.160.50
Failed logins since the last login: 0. Last failed login: 15:57:25 IST Aug 5 2025
from 10.4.160.50
Type help or '?' for a list of available commands.
ciscoasa> en
Password: ********
ciscoasa# conf t
ciscoasa(config)# packet
ciscoasa(config)# packet-tracer
ERROR: % Incomplete command
ciscoasa(config)#
ciscoasa(config)# packet-tracer ?

exec mode commands/options:


input Ingress interface on which to trace packet
ciscoasa(config)# packet-tracer input
ERROR: % Incomplete command
ciscoasa(config)# packet-tracer input ?

exec mode commands/options:


Current available interface(s):
Hathway Name of interface GigabitEthernet1/7
INTERNAL Name of interface GigabitEthernet1/1
JIO Name of interface GigabitEthernet1/5
LAN Name of interface GigabitEthernet1/8
MPLS Name of interface GigabitEthernet1/4
MPLSTATA Name of interface GigabitEthernet1/6
OUTSIDE1 Name of interface GigabitEthernet1/2
OUTSIDE2 Name of interface GigabitEthernet1/3
management Name of interface Management1/1
ciscoasa(config)# packet-tracer input Hathway
ERROR: % Incomplete command
ciscoasa(config)# packet-tracer input Hathway ?

exec mode commands/options:


esp Enter this keyword if the trace packet is ESP
icmp Enter this keyword if the trace packet is ICMP
rawip Enter this keyword if the trace packet is RAW IP
sctp Enter this keyword if the trace packet is SCTP
tcp Enter this keyword if the trace packet is TCP
udp Enter this keyword if the trace packet is UDP
vlan-id Specify VLAN id for the flow
ciscoasa(config)# packet-tracer input Hathway tcp ?

exec mode commands/options:


A.B.C.D Enter the Source address if ipv4
X:X:X:X::X Enter the Source address if ipv6
fqdn Enter this keyword if an FQDN is specified as source address
inline-tag Enter this keyword if trace packet is embedded with L2 CMD
Header
security-group Enter this keyword if a security group is specified as source
address
user Enter this keyword if a user is specified as source address
ciscoasa(config)# packet-tracer input Hathway tcp 10.4.160.59 ?

exec mode commands/options:


<0-65535> Enter port number (0 - 65535)
aol
bgp
chargen
cifs
citrix-ica
cmd
ctiqbe
daytime
discard
domain
echo
exec
finger
ftp
ftp-data
gopher
h323
hostname
http
https
ident
imap4
irc
kerberos
klogin
kshell
ldap
ldaps
login
lotusnotes
lpd
netbios-ssn
nfs
nntp
pcanywhere-data
pim-auto-rp
pop2
pop3
pptp
rsh
rtsp
sip
smtp
sqlnet
ssh
sunrpc
tacacs
talk
telnet
uucp
whois
www
ciscoasa(config)# packet-tracer input Hathway tcp 10.4.160.59
ERROR: % Incomplete command
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# packet-tracer input Hathway tcp 10.4.160.59 22 ?

exec mode commands/options:


A.B.C.D Enter the destination ipv4 address
fqdn Enter this keyword if an FQDN is specified as destination
address
security-group Enter this keyword if a security group is specified as
destination address
ciscoasa(config)# packet-tracer input Hathway tcp 10.4.160.59 22 8.8.8.8 ?

exec mode commands/options:


<0-65535> Enter port number (0 - 65535)
aol
bgp
chargen
cifs
citrix-ica
cmd
ctiqbe
daytime
discard
domain
echo
exec
finger
ftp
ftp-data
gopher
h323
hostname
http
https
ident
imap4
irc
kerberos
klogin
kshell
ldap
ldaps
login
lotusnotes
lpd
netbios-ssn
nfs
nntp
pcanywhere-data
pim-auto-rp
pop2
pop3
pptp
rsh
rtsp
sip
smtp
sqlnet
ssh
sunrpc
tacacs
talk
telnet
uucp
whois
www
ciscoasa(config)# packet-tracer input Hathway tcp 10.4.160.59 22 8.8.8.8
ERROR: % Incomplete command
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# packet-tracer input Hathway tcp 10.4.160.59 22 8.8.8.8 http

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 106.51.0.1 using egress ifc OUTSIDE1

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group Hathway_access_in in interface Hathway
access-list Hathway_access_in extended permit ip any any
Additional Information:

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

ERROR: % Incomplete command


ciscoasa(config)#
ciscoasa(config)# show rout
ciscoasa(config)# show route
Config:
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 106.51.0.1 to network 0.0.0.0
Config:
S* 0.0.0.0 0.0.0.0 [1/0] via 106.51.0.1, OUTSIDE1
S 10.4.160.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.160.59 255.255.255.255 [1/0] via 210.18.156.1, Hathway
S 10.4.161.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.162.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.163.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.164.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.165.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.166.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.167.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.168.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.169.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.170.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.172.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 10.4.175.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
C 10.4.200.0 255.255.255.0 is directly connected, LAN
L 10.4.200.200 255.255.255.255 is directly connected, LAN
S 10.5.160.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 103.91.218.18 255.255.255.255 [1/0] via 115.240.248.73, JIO
S 104.211.207.95 255.255.255.255 [1/0] via 115.240.248.73, JIO
C 106.51.0.0 255.255.252.0 is directly connected, OUTSIDE1
L 106.51.0.152 255.255.255.255 is directly connected, OUTSIDE1
C 115.240.248.72 255.255.255.248 is directly connected, JIO
L 115.240.248.74 255.255.255.255 is directly connected, JIO
S 172.16.1.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 192.168.5.0 255.255.255.0 [1/0] via 10.4.200.1, LAN
S 192.168.25.0 255.255.255.0 [1/0] via 115.240.248.73, JIO
S 192.168.26.0 255.255.255.0 [250/0] via 115.240.248.73, JIO
C 210.18.156.0 255.255.255.0 is directly connected, Hathway
L 210.18.156.140 255.255.255.255 is directly connected, Hathway

ciscoasa(config)# on
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# tion:
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# tion:
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# ICS
ciscoasa(config)# istics
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# tion:
ciscoasa(config)# show run
ciscoasa(config)# show run interface gig 0/7
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# show run interface gig 7
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# show run interface gig 0/7ispatched to next module
^
ERROR: % Invalid input detected at '^' marker.
ciscoasa(config)# show run interface gig 1/7
!nput-status: up
interface GigabitEthernet1/7
description HathwayTSIDE1
nameif Hathwayup
security-level 0s: up
ip address 210.18.156.140 255.255.255.0
ciscoasa(config)# show run interface gig 1/8
!iscoasa(config)#
interface GigabitEthernet1/8
nameif LANnfig)#
security-level 100
ip address 10.4.200.200 255.255.255.0
policy-route route-map pbr1
ciscoasa(config)# show run interface gig 1/1
!iscoasa(config)#
interface GigabitEthernet1/1
shutdownconfig)#
nameif INTERNAL#
security-level 100
no ip addressg)#
policy-route route-map nactraffic
ciscoasa(config)# show route
ciscoasa(config)# show route-map ?
System IP Addresses:
exec mode commands/options:me IP address Subnet mask
Method
WORD route-map nameOUTSIDE1 106.51.0.152 255.255.252.0
CONFIG
all static and dynamic route-map information.201.137.138 255.255.255.248
CONFIG
dynamic dynamic route-map information 192.168.136.146 255.255.255.252
CONFIG
| Output modifiersO 115.240.248.74 255.255.255.248
CONFIG
<cr>tEthernet1/6 MPLSTATA 10.6.20.2 255.255.255.252
CONFIG
ciscoasa(config)# show route-map 210.18.156.140 255.255.255.0
CONFIG
route-map nactraffic, permit, sequence 5 10.4.200.200 255.255.255.0
CONFIG
Match clauses: management 10.4.160.251 255.255.255.0
CONFIG
ip address (access-lists): IPSEC
Interface Name IP address Subnet mask
Method
Set clauses:t1/2 OUTSIDE1 106.51.0.152 255.255.252.0
CONFIG
ip next-hop 123.201.60.65IDE2 123.201.137.138 255.255.255.248
CONFIG
route-map nactraffic, permit, sequence 10 192.168.136.146 255.255.255.252
CONFIG
Match clauses:/5 JIO 115.240.248.74 255.255.255.248
CONFIG
ip address (access-lists): MPLSNAC 10.6.20.2 255.255.255.252
CONFIG
GigabitEthernet1/7 Hathway 210.18.156.140 255.255.255.0
CONFIG
Set clauses:t1/8 LAN 10.4.200.200 255.255.255.0
CONFIG
ip next-hop verify-availability 192.168.136.145 1 track 50 [down]5.255.0
CONFIG
ip next-hop verify-availability 10.6.20.1 254 track 40 [down].8.8.8
route-map nactraffic, permit, sequence 20
Match clauses:
ip address (access-lists): ACT2

Set clauses:
ip next-hop verify-availability 183.82.32.1 1 track 30 [up]
route-map nactraffic, permit, sequence 30
Match clauses:
ip address (access-lists): NACLAN4TRAFFIC

Set clauses:
ip next-hop verify-availability 106.51.0.1 1 track 10 [up]
ip next-hop verify-availability 123.201.60.65 2 track 20 [down]
route-map nactraffic, permit, sequence 40
Match clauses:
ip address (access-lists): NACLAN5TRAFFIC

Set clauses:
ip next-hop verify-availability 123.201.60.65 1 track 20 [down]
ip next-hop verify-availability 106.51.0.1 2 track 10 [up]
route-map test, permit, sequence 10
Match clauses:
ip address (access-lists): vlan169

Set clauses:
ip next-hop verify-availability 123.201.60.65 1 track 20 [down]
ip next-hop verify-availability 123.201.60.65 2 track 20 [down]
route-map pbr1, permit, sequence 10
Match clauses:

Set clauses:
ip next-hop verify-availability 106.51.0.1 1 track 10 [up]
ip next-hop verify-availability 210.18.156.1 2 track 30 [up]
route-map pbr1, permit, sequence 20
Match clauses:

Set clauses:
ip next-hop verify-availability 210.18.156.1 1 track 30 [up]
ip next-hop verify-availability 106.51.0.1 2 track 10 [up]
route-map TesInternetAccess, permit, sequence 2
Match clauses:
ip address (access-lists): TESTinternet
interface Hathway

Set clauses:
ip next-hop 210.18.156.140
ip default next-hop 210.18.156.140
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# show route-map ?

exec mode commands/options:


WORD route-map name
all static and dynamic route-map information
dynamic dynamic route-map information
| Output modifiers
<cr>
ciscoasa(config)# show route-map nactraffic
route-map nactraffic, permit, sequence 5
Match clauses:
ip address (access-lists): IPSEC

Set clauses:
ip next-hop 123.201.60.65
route-map nactraffic, permit, sequence 10
Match clauses:
ip address (access-lists): MPLSNAC

Set clauses:
ip next-hop verify-availability 192.168.136.145 1 track 50 [down]
ip next-hop verify-availability 10.6.20.1 254 track 40 [down]
route-map nactraffic, permit, sequence 20
Match clauses:
ip address (access-lists): ACT2

Set clauses:
ip next-hop verify-availability 183.82.32.1 1 track 30 [up]
route-map nactraffic, permit, sequence 30
Match clauses:
ip address (access-lists): NACLAN4TRAFFIC

Set clauses:
ip next-hop verify-availability 106.51.0.1 1 track 10 [up]
ip next-hop verify-availability 123.201.60.65 2 track 20 [down]
route-map nactraffic, permit, sequence 40
Match clauses:
ip address (access-lists): NACLAN5TRAFFIC

Set clauses:
ip next-hop verify-availability 123.201.60.65 1 track 20 [down]
ip next-hop verify-availability 106.51.0.1 2 track 10 [up]
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)#
ciscoasa(config)# show route-map TesInternetAccess
route-map TesInternetAccess, permit, sequence 2
Match clauses:
ip address (access-lists): TESTinternet
interface Hathway

Set clauses:
ip next-hop 210.18.156.140
ip default next-hop 210.18.156.140

You might also like