Let’s see a very useful tool available on the Cisco ASA CLI. Command packet-tracer. It also has a graphical tool available with ASDM.

Passing to this command some connection parameters, even real of ficticious, the ASA will evaluate all rules and operations implied on the transmission of the packet, showing us if it will be forwarded or dropped, why and where.

So we have a very powerful tool that will help us on both, studying ASA operation, as for troubleshooting.

As a picture is worth a thousand words, I give you two videos. You’ll see the usage of the command on both, CLI and ASDM.

09/19 - Video uploaded to Youtube

09/19 - Video uploaded to Youtube