82-2
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter82 Troubleshooting
Testing Your Configuration
Enabling ICMP Debugging Messages and Syslog Messages
Debugging messages and syslog messages can help you troubleshoot why your pings are not successful.
The ASA only shows ICMP debugging messages for pings to the ASA interfaces, and not for pings
through the ASA to other hosts. To enable debugging and syslog messages, perform the following steps:
To enable ICMP inspection to the default global policy, perform the following steps:
Command Purpose
Step1 debug icmp trace
Example:
hostname(config)# debug icmp trace
Shows ICMP packet information for pings to the ASA interfaces.
Step2 logging monitor debug
Example:
hostname(config)# logging monitor debug
Sets syslog messages to be sent to Telnet or SSH sessions.
Note You can alternately use the logging buffer debug
command to send log messages to a buffer, and then view
them later using the show logging command.
Step3 terminal monitor
Example:
hostname(config)# terminal monitor
Sends the syslog messages to a Telnet or SSHsession.
Step4 logging on
Example:
hostname(config)# logging on
Enables syslog message generation.
Command Purpose
Step1 policy-map name
Example:
hostname(config)# policy-map global_policy
Configures the policy map and attach the action to the class of
traffic.
Step2 class classmap_name
Example:
hostname(config-pmap)# class
inspection_default
Assigns a class map to the policy map so that you can assign
actions to the class map traffic.
Step3 inspect icmp
Example:
hostname(config)# inspect icmp
Enables ICMP inspection.