Help with debug commands
I’m not familiar with the NS and I need to debug why the NS is blocking traffic from certain hosts in my untrusted LAN to my trusted LAN. From my trusted I can ping all day the problematic hosts in my Untrusted LAN.
From the problematic hosts I can ping the internal interface of my trusted LAN over the VPN tunnel so it’s routing correctly and the PIX is letting the ping through the VPN tunnel. But I can’t ping other hosts.
I know it sounds like a policies issue but I don’t see anything logged anywhere.
joekim13 last edited by
Another way to stop all debug and snoops is to simply hit the ‘esc’ key or by logging out if you’re logged in via telnet/ssh.
If you want to quickly just see what’s getting dropped, a better debug is
debug flow drop
If you tell us the type of traffic it might help…
You have to enter the set ff commands before you start the debug with debug flow basic.
How do you apply the filter to the debug stream?
I will try it out. Thanks for your help!!
gauthier last edited by
The way for debugging is:
- debug flow basic (or you can change, with the Tab key, you will see a list)
- clear db (to clear the buffer)
- do what you have to do
- undebug all (to stop the debugging)
- get db st (to display the debug output).
But if you do only that, you will have a lot of garbage.
You can create some filters with:
- set ff dst-ip X.X.X.X (Tab key to see the list of possible filters)
- get ff (to check your filters)
- unset ff (to clear filters)
Hope it will help you