Understanding the rules in the "show asp table classify crypto" output
by atbasu on 04-08-2013 10:50 AM
Contributors: atbasu, ccondon
Activity: Troubleshooting
Product (Cisco): ASA
Protocol, Standards & Languages: IPsec

FIRE19-5505(config)# sh asp table classify crypto
Interface outside:
****** The decrypt rules are for the outer header, therefore they all have the same address. ******
----- Public to public SPI = 0x2F083E0C
in id=0xd85c2018, priority=70, domain=decrypt, deny=false
hits=0, user_data=0xf8cfac, cs_id=0x0, reverse, flags=0x0, protocol=50
src ip=209.194.208.101, mask=255.255.255.255, port=2095
dst ip=67.79.40.14, mask=255.255.255.255, port=3134, dscp=0x0
----- NEM to Any SPI = 0x10212561
****** The ipsec-tunnel-flow rules verify that the decrypted traffic matches what was negotiated
------ Tunnel flow rule for public to public
in id=0xd85c1f80, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=82, user_data=0xf8cfac, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=209.194.208.101, mask=255.255.255.255, port=0
dst ip=67.79.40.14, mask=255.255.255.255, port=0, dscp=0x0
------ Tunnel flow rule for any to NEM networks
in id=0xd85253e0, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=1550, user_data=0xfcff84, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=172.23.119.0, mask=255.255.255.0, port=0, dscp=0x0
------ NAT-T
in id=0xd7f808c8, priority=12, domain=ipsec-natt, deny=false
hits=0, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=17
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=67.79.40.14, mask=255.255.255.255, port=4500, dscp=0x0
------ Default tunnel flow deny rule - IPv4
in id=0xd8392a10, priority=12, domain=ipsec-tunnel-flow, deny=true
hits=4, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
------ Default tunnel flow deny rule - IPv6
in id=0xd8392bc0, priority=12, domain=ipsec-tunnel-flow, deny=true
hits=0, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip=::/0, port=0
dst ip=::/0, port=0
Interface inside:
in id=0xd837e2c0, priority=12, domain=aaa-user, deny=false
hits=66768, user_data=0xd613c360, cs_id=0x0, flags=0x0, protocol=0
src ip=172.23.119.0, mask=255.255.255.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
in id=0xd837e468, priority=12, domain=aaa-user, deny=true
hits=0, user_data=0xd613c310, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Interface _internal_loopback:
Interface identity:
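
When troubleshooting, the hit counters on the deny rules are usually the first thing to read: a non-zero count on a default tunnel flow deny rule means traffic matched no permit rule in the ipsec-tunnel-flow domain. The following is an added example, not part of the original article or any Cisco tooling: a small parser for this output format that lists such rules. The function names parse_rules and deny_hits are hypothetical, and the sample text is constructed from rules shown above.

```python
import re

# Constructed sample in the format shown above (ids and counters copied from the page).
SAMPLE = """\
Interface outside:
in id=0xd85c1f80, priority=69, domain=ipsec-tunnel-flow, deny=false
hits=82, user_data=0xf8cfac, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=209.194.208.101, mask=255.255.255.255, port=0
dst ip=67.79.40.14, mask=255.255.255.255, port=0, dscp=0x0
in id=0xd8392a10, priority=12, domain=ipsec-tunnel-flow, deny=true
hits=4, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Interface inside:
in id=0xd837e468, priority=12, domain=aaa-user, deny=true
hits=0, user_data=0xd613c310, cs_id=0x0, flags=0x0, protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
"""

# key=value pairs; bare flags such as "reverse" are skipped.
KV = re.compile(r"(\w+)=([^,\s]+)")

def parse_rules(text):
    """Return one dict per rule, tagged with the interface it is listed under."""
    rules, iface, cur = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Interface "):
            iface, cur = line[len("Interface "):].rstrip(":"), None
        elif line.startswith("in id="):
            cur = {"interface": iface, **dict(KV.findall(line))}
            rules.append(cur)
        elif cur is not None and line.startswith(("hits=", "src ip=", "dst ip=")):
            # Prefix address fields so src and dst do not overwrite each other.
            side = line[:3] if line[:3] in ("src", "dst") else ""
            for k, v in KV.findall(line):
                cur[f"{side}_{k}" if side else k] = v
    return rules

def deny_hits(rules, domain="ipsec-tunnel-flow"):
    """Deny rules in the given domain whose hit counter is non-zero."""
    return [r for r in rules
            if r["domain"] == domain and r["deny"] == "true" and int(r["hits"]) > 0]
```

Annotation lines beginning with "-----" or "******" are ignored by the parser, so the annotated output can be passed in unchanged.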
https://techzone.cisco.com/t5/Virtual-Private-Networks-Staging/Understanding-the-rules-in-the-quot-show-asp-table-classify/ta-p/217046