1-5
Cisco ASA Series CLI Configuration Guide
Chapter 1 Troubleshooting
Capturing Packets
both include forwarded data traffic and cluster LU messages. The TTL field in the IP address header is
encoded to differentiate between these two types of packets. When forwarded data packets are captured,
their clustering trailers are included in the capture file for debugging purposes.
In multiple context mode, although the cluster interface belongs to the system context, users can see the
interface, so they can configure captures on the cluster link in user contexts. In the system context, both
control plane and data plane packets are available. The data plane captures LU packets and forwarded
data packets that belong only to the system context. In user contexts, control plane packets are not
visible. Only forwarded data packets that belong to a specified user context and LU packets are captured.
For security purposes, each context can only see the packets that belong to it.
Guidelines and Limitations
This section includes the guidelines and limitation for this feature.
Most of the limitations are the result of the distributed nature of the ASA architecture and the hardware
accelerators that are being used in the ASA.
•
You can only capture IP traffic; you cannot capture non-IP packets such as ARPs.
•
For cluster control link capture in multiple context mode, only the packet that is associated with the
context sent in the cluster control link is captured.
•
In multicontext mode, the
copy capture
command is available only in the system space. The syntax
is as follows:
copy
/
pcap capture
:
Context-name
/
in-cap
tftp
:
Where
in-cap
is the capture configured in the context
context-name
•
The
cluster exec capture realtime
command is not supported. The following error message
appears:
Error: Real-time capture can not be run in cluster exec mode.
•
For a shared VLAN, the following guidelines apply:
–
You can only configure one capture for the VLAN; if you configure a capture in multiple
contexts on the shared VLAN, then only the last capture that was configured is used.
–
If you remove the last-configured (active) capture, no captures become active, even if you have
previously configured a capture in another context; you must remove the capture and add it
again to make it active.
–
All traffic that enters the interface to which the capture is attached is captured, including traffic
to other contexts on the shared VLAN.
–
Therefore, if you enable a capture in Context A for a VLAN that is also used by Context B, both
Context A and Context B ingress traffic are captured.
•
For egress traffic, only the traffic of the context with the active capture is captured. The only
exception is when you do not enable the ICMP inspection (therefore the ICMP traffic does not have
a session in the accelerated path). In this case, both ingress and egress ICMP traffic for all contexts
on the shared VLAN is captured.
•
Configuring a capture typically involves configuring an access list that matches the traffic that needs
to be captured. After an access list that matches the traffic pattern is configured, then you need to
define a capture and associate this access list to the capture, along with the interface on which the
capture needs to be configured.
After you have performed a cluster-wide capture, to copy the same cluster-wide capture file to a TFTP
server, enter the following command on the master unit:
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......