API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 19th, 2019
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.42 KB | None | 0 0
raw download clone embed print report
  1. act/Lab2/FWasa1# show cryp ipse sa
  2. interface: outside_access
  3. Crypto map tag: acces_map, seq num: 1, local addr: x.x.x.x
  4.  
  5. access-list crypto_map extended permit ip 100.100.0.0 255.255.255.0 100.100.1.0 255.255.255.0
  6. local ident (addr/mask/prot/port): (100.100.0.0/255.255.255.0/0/0)
  7. remote ident (addr/mask/prot/port): (100.100.1.0/255.255.255.0/0/0)
  8. current_peer: y.y.y.y
  9.  
  10.  
  11. #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
  12. #pkts decaps: 2640, #pkts decrypt: 2640, #pkts verify: 2640
  13. #pkts compressed: 0, #pkts decompressed: 0
  14. #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
  15. #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
  16. #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
  17. #TFC rcvd: 0, #TFC sent: 0
  18. #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
  19. #send errors: 0, #recv errors: 0
  20.  
  21.  
  22. act/Lab2/FWasa1# show access-list crypto_map
  23. access-list crypto_map; 2 elements; name hash: 0x2b034900
  24. access-list crypto_map line 1 extended permit ip object local_network object remote_network (hitcnt=8) 0xd0d5d370
  25. access-list crypto_map line 1 extended permit ip 100.100.0.0 255.255.255.0 100.100.1.0 255.255.255.0 (hitcnt=8) 0xd0d5d370
  26. access-list crypto_map line 2 extended permit icmp object local_network object remote_network (hitcnt=0) 0x1adc0eab
  27. access-list crypto_map line 2 extended permit icmp 100.100.0.0 255.255.255.0 100.100.1.0 255.255.255.0 (hitcnt=0) 0x1adc0eab
  28.  
  29. act/Lab2/FWasa1# packet-tracer input locale_interface icmp 100.100.0.1 8 0 100.100.1.1
  30.  
  31. Phase: 2
  32. Type: ROUTE-LOOKUP
  33. Subtype: Resolve Egress Interface
  34. Result: ALLOW
  35. Config:
  36. Additional Information:
  37. found next-hop x.x.x.x using egress ifc outside_access
  38.  
  39. Phase: 2
  40. Type: ACCESS-LIST
  41. Subtype:
  42. Result: DROP
  43. Config:
  44. Implicit Rule
  45. Additional Information:
  46. Forward Flow based lookup yields rule:
  47. in id=0x7f98cedfc200, priority=501, domain=permit, deny=true
  48. hits=6, user_data=0x7, cs_id=0x0, reverse, flags=0x0, protocol=0
  49. src ip/id=100.100.0.1, mask=255.255.255.255, port=0, tag=any
  50. dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
  51. input_ifc=locale_interface, output_ifc=any
  52.  
  53. Result:
  54. input-interface: locale_interface
  55. input-status: up
  56. input-line-status: up
  57. output-interface: outside_access
  58. output-status: up
  59. output-line-status: up
  60. Action: drop
  61. Drop-reason: (acl-drop) Flow is denied by configured rule
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!