Cisco ASA troubleshooting commands itsecworks. With my requirements for any networking layer 3 security device I collected the basic commands that you have to know or you will not be able to manage your device. Check the basic settings and firewall states. Check the system status. Check the hardware performance. Check the High Availability state. Check the session table of the firewall. Check the interface settings. Its difficult to a get any documentation from Cisco that confirms the forwarding performance of the ASA firewall. However, once you have got a unit, the show. Check the state, speed and duplexity an IP of the interfaces. Check the ARP Table. DwrwQkd5hk/Uf-WZZuWJtI/AAAAAAAABHs/-ExPFPAHiE4/s1600/lic0.JPG' alt='Asa Failover Serial Number' title='Asa Failover Serial Number' />Basic ASA Configuration. Before dealing with any specific configuration procedure for the Adaptive Security Appliance ASA, you need to understand a set of basic. Cisco PIX Private Internet eXchange was a popular IP firewall and network address translation NAT appliance. It was one of the first products in this market segment. Note The ASA 5505 series adaptive security appliance does not support Stateful Failover or ActiveActive failover. Myfirewallpriactconfig sh failover state State Last Failure Reason DateTime This host Primary Active None Other host. Check the Routing Table. Check the matching route. VPN Troubleshooting. Change the tunnel state. Check the tunnel state. Check packet counters for the tunnel. Check the uptime of the VPN Tunnels. Sniffertrace. 5. 2 Test traffic through the firewall. Test tcp traffic from the firewall. View logging on cli. Configure logging. Viewing the logs. Inspection and asp drop. Threat Detection check the top talkers9. Backup and Restore. Check the basic settings and firewall states. Asa Failover Serial Number' title='Asa Failover Serial Number' />Check the system status. To see the actual software version, operational mode, HA, etc and the system time myfirewallpriact show firewall. Firewall mode Router. Cisco Adaptive Security Appliance Software Version 9. Device Manager Version 7. Compiled on Wed 2. Nov 1. 2 1. 0 3. System image file is disk. Config file at boot was startup config. Hardware ASA5. 52. MB RAM, CPU Pentium 4 Celeron 2. MHz. Internal ATA Compact Flash, 2. MB. BIOS Flash M5. FW0. 80 0xfff. 00. KB. Encryption hardware device Cisco ASA 5. Boot microcode CN1. MC BOOT 2. 0. 0. SSLIKE microcode CNLite MC SSLm PLUS 2. IPSec microcode CNlite MC IPSECm MAIN 2. Number of accelerators 1. Ext Gigabit. Ethernet. Ext Gigabit. Ethernet. Ext Gigabit. Ethernet. Ext Gigabit. Ethernet. Ext Management. 00 address is 0. Int Not used irq 1. Int Not used irq 5. Licensed features for this platform. Maximum Physical Interfaces Unlimited perpetual. Maximum VLANs 1. Inside Hosts Unlimited perpetual. Failover ActiveActive perpetual. Encryption DES Enabled perpetual. Encryption 3. DES AES Enabled perpetual. Security Contexts 2 perpetual. GTPGPRS Disabled perpetual. Any. Connect Premium Peers 2 perpetual. Any. Connect Essentials Disabled perpetual. Other VPN Peers 7. Total VPN Peers 7. Shared License Disabled perpetual. Any. Connect for Mobile Disabled perpetual. Any. Connect for Cisco VPN Phone Disabled perpetual. Advanced Endpoint Assessment Disabled perpetual. UC Phone Proxy Sessions 2 perpetual. Sky Full Of Stars Flac. Total UC Proxy Sessions 2 perpetual. Botnet Traffic Filter Disabled perpetual. Intercompany Media Engine Disabled perpetual. Cluster Disabled perpetual. Ulead Photoimpact 7 there. This platform has an ASA 5. VPN Plus license. Failover cluster licensed features for this platform. Maximum Physical Interfaces Unlimited perpetual. Maximum VLANs 1. Inside Hosts Unlimited perpetual. Failover ActiveActive perpetual. Encryption DES Enabled perpetual. Encryption 3. DES AES Enabled perpetual. Security Contexts 4 perpetual. GTPGPRS Disabled perpetual. Any. Connect Premium Peers 4 perpetual. Shared License Disabled perpetual. Any. Connect for Mobile Disabled perpetual. Any. Connect for Cisco VPN Phone Disabled perpetual. Advanced Endpoint Assessment Disabled perpetual. UC Phone Proxy Sessions 4 perpetual. Total UC Proxy Sessions 4 perpetual. Botnet Traffic Filter Disabled perpetual. Intercompany Media Engine Disabled perpetual. Cluster Disabled perpetual. This platform has an ASA 5. VPN Plus license. Serial Number JMX4. L1. DA. Running Permanent Activation Key 0x. Configuration register is 0x. Configuration last modified by admin at 1. CEDT Fri Sep 1. 3 2. The failover state. State Last Failure Reason DateTime. This host Primary. Active None. Other host Secondary. Standby Ready Ifc Failure 1. CEDT Jun 1. 0 2. 01. Failed. inside Failed. Configuration State. Sync Done. Sync Done STANDBY. Communication State. Mac set. To see what the firewall has seen so far, the traffic mix conserning the enabled inspections myfirewallpriactconfig sh service policy. Global policy. Service policy globalpolicy. Class map inspectiondefault. Inspect dns presetdnsmap, packet 6. Inspect ftp, packet 0, drop 0, reset drop 0, v. Inspect netbios, packet 2. Inspect tftp, packet 0, drop 0, reset drop 0, v. Inspect icmp, packet 1. Inspect icmp error, packet 1. Inspect dcerpc, packet 1. Check the hardware performance. To see what is the state of the cpu and the memory myfirewallpriactconfig sh cpu usage. CPU utilization for 5 seconds 8 1 minute 9 5 minutes 9. Free memory 1. Used memory 4. Total memory 2. PC Thread 5. Sec 1. Min 5. Min Process. Dispatch Unit. 0x. ARP Thread. 0x. 09. IP Thread. 0x. 08. CTM message handler. Web. VPN KCD Process. CF OIR. 0x. 08eafaec 0x. Reload Control Thread. User. From. Cert Thread. CMGR Server Process. CMGR Timer Process. CTM Daemon. 0x. 08. SXP CORE. 0x. 08. RBM CORE. 0x. 08. Invoked Giveups MaxRuntime Process. Dispatch Unit. 3. Web. VPN KCD Process. CF OIR. 1 0 0. Reload Control Thread. User. From. Cert Thread. CMGR Server Process. CMGR Timer Process. CTM Daemon. 6. 2 0 0. SXP CORE. myfirewallpriactconfig sh perfmon. PERFMON STATS Current Average. Xlates 0s 0s. Connections 0s 0s. TCP Conns 0s 0s. UDP Conns 0s 0s. URL Access 0s 0s. URL Server Req 0s 0s. TCP Fixup 0s 0s. TCP Intercept Established Conns 0s 0s. TCP Intercept Attempts 0s 0s. TCP Embryonic Conns Timeout 0s 0s. HTTP Fixup 0s 0s. FTP Fixup 0s 0s. AAA Authen 0s 0s. AAA Author 0s 0s. AAA Account 0s 0s. VALID CONNS RATE in TCP INTERCEPT Current Average. NA 1. 00. 0. Check the High Availability stateto get the High Availability state info with show failover command myfirewallpriactconfig show failover Show failover interface descriptors. Two numbers are shown for. When exchanging information regarding a. And it expects the second number in. For trouble shooting, collect. Show failover command execution information. Show failover switching history. Show failover command interface information. Show failover internal state information. Show failover command interface statistics information. Output modifiers. Check the failover state myfirewallpriactconfig show failover. Failover unit Primary. Failover LAN Interface failover Gigabit. Ethernet. 02 up. Unit Poll frequency 1 seconds, holdtime 1. Interface Poll frequency 5 seconds, holdtime 2. Interface Policy 1. Monitored Interfaces 3 of 1. Version Ours 9. 11, Mate 9. Last Failover at 0. CEST Feb 1. 2 2. 01. This host Primary Active. Active time 1. 88. ASA5. 52. 0 hwsw rev 2. Up Sys. Interface dmz. Normal Monitored. Interface dmz. 6 1. Normal Not Monitored. Interface inside 1. Normal Monitored.