+ Reply to Thread
Results 1 to 3 of 3
  1. Cisco Focus steele84's Avatar
    Join Date
    Jul 2015
    Location
    Iowa
    Posts
    60

    Certifications
    CCENT, VCA, Unitrends Y
    #1

    Default Shamefully admitting a problem that I shouldn't have. packet-tracer flow directions

    Hey all I have a problem when using the CLI packet-tracer.... I cannot get my head wrapped around the "input" interface. I always end up with a huge question mark over my head trying to decided which direction I should be testing from and end up guessing some times. So for example:

    Interfaces:
    inside 192.168.1.0
    outside internet

    I'm wanting to see if 8.8.8.8 is allowed to talk inside to 192.168.1.10:

    is this correct ?
    packet-tracer input outside tcp 8.8.8.8 80 192.168.1.10 80 detailed

    or is this the correct format ?
    packet-tracer input outside tcp 192.168.1.10 80 8.8.8.8 80 detailed


    For the life of me I can't find a way to set this straight in my mind. If anyone has any tips please let me know.
    Reply With Quote Quote  

  2. SS
  3. Senior Member
    Join Date
    Oct 2016
    Location
    NJ
    Posts
    430

    Certifications
    CCNP R&S, CCNA(Security/Data Center), PCNSE, CySA+ and others
    #2
    You're good on the first one.

    packet-tracer input OUTSIDE tcp [SRC_HOST] [SRC_PORT] [DST_HOST] [DST_PORT]
    Reply With Quote Quote  

  4. Cisco Focus steele84's Avatar
    Join Date
    Jul 2015
    Location
    Iowa
    Posts
    60

    Certifications
    CCENT, VCA, Unitrends Y
    #3
    Ok so I think my biggest problem would be when we take it down stream a little further (that and I have to wrap my head around that packet tracer only inspects input data) so if I wanted to look at the same from the inside it wouldn't be the same.

    packet-tracer input inside tcp 192.168.1.10 80 8.8.8.8 80 it would obviously be allowed because of security zones correct? like 100 - 0. But the point is that it isn't the same test.

    I cannot test on the inside interface if 8.8.8.8 is allowed on 192.168.1.10 correct ???
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks