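Anyone who works with Cisco security products will sooner or later have to troubleshoot them and collect useful diagnostic information. Below are some commonly used commands for collecting that information:
1. ASA and PIX products
The two most important tools
1) Logging to a syslog server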
logging on
logging timestamp
logging trap information
logging host inside x.x.x.x (syslog server)
2) Packet capture (capture)
Step 1: create ACL for both inside and outside Interface
! Outside Capture ACL
Access-list 100 permit tcp host 192.168.2.2 host 198.133.219.25 eq 80
Access-list 100 permit tcp host 198.133.219.25 eq 80 host 192.168.2.2
! Inside Capture ACL
Access-list 101 permit tcp host 10.1.3.2 host 198.133.219.25 eq 80
Access-list 101 permit tcp host 198.133.219.25 eq 80 host 10.1.3.2
Step 2: create captures on both inside and outside interface
capture out access-list 100 interface outside packet-length 1500
capture in access-list 101 interface inside packet-length 1500
Step 3: have inside user access www.cisco.com
Step 4: copy the captures off to a TFTP server
! ver 7.0+ copy capture
copy /pcap capture:out tftp://10.1.3.5/out.pcap
copy /pcap capture:in tftp://10.1.3.5/in.pcap
! Ver 6.x copy capture
copy capture:out tftp://10.1.3.5/out.pcap pcap
copy capture:in tftp://10.1.3.5/in.pcap pcap
OR copy using https:
https://
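Once both files are off the firewall, comparing them shows whether a packet that entered one interface ever left the other. The script below is an added example, not part of the original page: it assumes the exported files are classic pcap with Ethernet framing and IPv4, and it matches packets by direction and TCP flags rather than by client address, because the capture ACLs above show the client as 10.1.3.2 on the inside and 192.168.2.2 on the outside. The function names and the sample data are constructed for illustration.

```python
import struct
from collections import Counter

SERVER = bytes([198, 133, 219, 25])  # web server address from the capture ACLs
FLAGS = [(0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST")]

def flag_counts(pcap):
    """Count TCP/IPv4 packets per (direction, flags) in a classic Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or pcap[20:24] != struct.pack(order + "I", 1):
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # IP header length varies with options
        if len(frame) < tcp + 14 or SERVER not in (frame[26:30], frame[30:34]):
            continue  # truncated before the flags byte, or not the traced flow
        side = "to-server" if frame[30:34] == SERVER else "from-server"
        names = "+".join(name for bit, name in FLAGS if frame[tcp + 13] & bit)
        counts[(side, names)] += 1
    return counts

def lost_in_firewall(inside_pcap, outside_pcap):
    """Packets seen entering the firewall on one interface but not leaving the other."""
    inside, outside = flag_counts(inside_pcap), flag_counts(outside_pcap)
    outbound = {k: n for k, n in (inside - outside).items() if k[0] == "to-server"}
    inbound = {k: n for k, n in (outside - inside).items() if k[0] == "from-server"}
    return {**outbound, **inbound}

def sample_pcap(packets):
    """Build a constructed pcap from (src, dst, flags) tuples; sample data only."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    for src, dst, flags in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
        tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 0x50, flags, 8192, 0, 0)
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample: the SYN+ACK reaches the outside interface but never the inside.
NAT_IP = bytes([192, 168, 2, 2])  # outside-side address of the client, per the ACLs
INSIDE = sample_pcap([(bytes([10, 1, 3, 2]), SERVER, 0x02)])
OUTSIDE = sample_pcap([(NAT_IP, SERVER, 0x02), (SERVER, NAT_IP, 0x12)])

if __name__ == "__main__":
    print(lost_in_firewall(INSIDE, OUTSIDE))
```

An empty result with SYNs on both sides and no SYN+ACK on the outside points upstream of the firewall; a non-empty result is the cue to look at the syslog messages for the same timestamps.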