[c-nsp] ASA Debug

Jimmy Stewpot mailers at oranged.to
Sun Feb 28 22:32:08 EST 2010


I am interested to know if there is some more information relating to the debugging of the Cisco ASA products/software. I have extensive experience with other firewall/security products and have been unable to find how to do flow debugging on the ASA's. What I am trying to diagnose is why we keep getting Deny/Drop packets for SIP on a random basis. I would like to diagnose/debug the flow of the packet through the device so that we can see why its not being inspected by the SIP ALG and in turn gets dropped. I've set the following options

logging monitor debugging
logging buffered debugging
logging trap debugging 

And it still does not really go into any further detail. I've also setup captures so that we can analyse the packets coming in. If I compare one working SIP call to a dropped incoming call then there is no obvious difference. Any additional advice would be greatly appreciated.


Jimmy Stewpot.

More information about the cisco-nsp mailing list