Comments on Cisco Help: ASA Firewall Packet-Tracer Command

Feed last updated: 2023-04-26 01:13:49 -05:00

Admin, 2015-04-10 07:22:06 -05:00:

So, if I'm reading this right, you're pinging something external from an internal host. Also, you mention an acl on the inside interface. Check your acl applied to the outside interface and make sure you're allowing icmp traffic from the external destination.

Anonymous, 2015-03-31 20:35:52 -05:00:

In your examples, in phase 2 ACL, you get an allow in the top example, and that packet will be allowed to pass.
In the bottom example using ssh, phase 2 gives you drop with no acl lines or acl name, and you get a drop as the end result.
I'm troubleshooting not being able to get an icmp request back from a host on the inside to the outside. I'm getting an allow in phase 2 with a line from the acl on the inside int, but getting a drop in the end for reason "(acl-drop) Flow is denied by configured rule" with no more explanation given to indicate which acl or rule.
What gives?

Admin, 2013-06-24 18:35:26 -05:00:

The source port from "packet-tracer's" perspective is always unimportant. It just needs to be an ephemeral port (something above 1024).
Typically in client-server communication, the client uses an ephemeral port to request something from the server. Different services are associated with different ports on the server. These are referred to as "listening ports." So, a web server usually "listens" on ports 80, 443 (http/https).
Hope that's clear as mud!!

Author

Anonymous, 2012-12-02 08:37:08 -06:00:

Good and Thank you

Anonymous, 2012-02-20 13:28:45 -06:00:

Hi, I like this feature but I'm trying to use this on a production node. My question to you is, when you don't know the source port # how would you use this feature?

Thanks!