Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- act/Lab2/FWasa1# show cryp ipse sa
- interface: outside_access
- Crypto map tag: acces_map, seq num: 1, local addr: x.x.x.x
- access-list crypto_map extended permit ip 100.100.0.0 255.255.255.0 100.100.1.0 255.255.255.0
- local ident (addr/mask/prot/port): (100.100.0.0/255.255.255.0/0/0)
- remote ident (addr/mask/prot/port): (100.100.1.0/255.255.255.0/0/0)
- current_peer: y.y.y.y
- #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
- #pkts decaps: 2640, #pkts decrypt: 2640, #pkts verify: 2640
- #pkts compressed: 0, #pkts decompressed: 0
- #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
- #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
- #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
- #TFC rcvd: 0, #TFC sent: 0
- #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
- #send errors: 0, #recv errors: 0
- act/Lab2/FWasa1# show access-list crypto_map
- access-list crypto_map; 2 elements; name hash: 0x2b034900
- access-list crypto_map line 1 extended permit ip object local_network object remote_network (hitcnt=8) 0xd0d5d370
- access-list crypto_map line 1 extended permit ip 100.100.0.0 255.255.255.0 100.100.1.0 255.255.255.0 (hitcnt=8) 0xd0d5d370
- access-list crypto_map line 2 extended permit icmp object local_network object remote_network (hitcnt=0) 0x1adc0eab
- access-list crypto_map line 2 extended permit icmp 100.100.0.0 255.255.255.0 100.100.1.0 255.255.255.0 (hitcnt=0) 0x1adc0eab
- act/Lab2/FWasa1# packet-tracer input locale_interface icmp 100.100.0.1 8 0 100.100.1.1
- Phase: 2
- Type: ROUTE-LOOKUP
- Subtype: Resolve Egress Interface
- Result: ALLOW
- Config:
- Additional Information:
- found next-hop x.x.x.x using egress ifc outside_access
- Phase: 2
- Type: ACCESS-LIST
- Subtype:
- Result: DROP
- Config:
- Implicit Rule
- Additional Information:
- Forward Flow based lookup yields rule:
- in id=0x7f98cedfc200, priority=501, domain=permit, deny=true
- hits=6, user_data=0x7, cs_id=0x0, reverse, flags=0x0, protocol=0
- src ip/id=100.100.0.1, mask=255.255.255.255, port=0, tag=any
- dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
- input_ifc=locale_interface, output_ifc=any
- Result:
- input-interface: locale_interface
- input-status: up
- input-line-status: up
- output-interface: outside_access
- output-status: up
- output-line-status: up
- Action: drop
- Drop-reason: (acl-drop) Flow is denied by configured rule
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement