+ Reply to Thread
Results 1 to 3 of 3
  1. Cisco Focus steele84's Avatar
    Join Date
    Jul 2015
    Location
    Iowa
    Posts
    60

    Certifications
    CCENT, VCA, Unitrends Y
    #1

    Default Shamefully admitting a problem that I shouldn't have. packet-tracer flow directions

    Hey all I have a problem when using the CLI packet-tracer.... I cannot get my head wrapped around the "input" interface. I always end up with a huge question mark over my head trying to decided which direction I should be testing from and end up guessing some times. So for example:

    Interfaces:
    inside 192.168.1.0
    outside internet

    I'm wanting to see if 8.8.8.8 is allowed to talk inside to 192.168.1.10:

    is this correct ?
    packet-tracer input outside tcp 8.8.8.8 80 192.168.1.10 80 detailed

    or is this the correct format ?
    packet-tracer input outside tcp 192.168.1.10 80 8.8.8.8 80 detailed


    For the life of me I can't find a way to set this straight in my mind. If anyone has any tips please let me know.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    309

    Certifications
    CCNP R&S, CCNA(Security/Data Center), PCNSE 7, MCITP: Exchange 2010
    #2
    You're good on the first one.

    packet-tracer input OUTSIDE tcp [SRC_HOST] [SRC_PORT] [DST_HOST] [DST_PORT]
    Reply With Quote Quote  

  4. Cisco Focus steele84's Avatar
    Join Date
    Jul 2015
    Location
    Iowa
    Posts
    60

    Certifications
    CCENT, VCA, Unitrends Y
    #3
    Ok so I think my biggest problem would be when we take it down stream a little further (that and I have to wrap my head around that packet tracer only inspects input data) so if I wanted to look at the same from the inside it wouldn't be the same.

    packet-tracer input inside tcp 192.168.1.10 80 8.8.8.8 80 it would obviously be allowed because of security zones correct? like 100 - 0. But the point is that it isn't the same test.

    I cannot test on the inside interface if 8.8.8.8 is allowed on 192.168.1.10 correct ???
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks