VPN ALL

Cisco ASA Troubleshooting commands

Some of the useful troubleshooting commands are listed below:
For help; type any command followed by ? example: show?

Show ARP
#show arp

Show Banner message
#show banner

Show Connection timeout settings
#show timeout

Show CPU Usage
#show cpu usage

Show Current connections
#show conn
#show conn count
#show established
#show session
#show traffic
#show perfmon

Show policy rules
#show access-group
#show access-list
#show conduit (in older versions)

Show High Availability
#show fail

Show Interface settings

#sh int ip bri
#show nameif – to check interface security levels
#show interface – to check interface status
#show interface statistics – for more detailed info
#show perfmon
#show ip

Show License Info
#show version
#show activation-key

Show Log settings
#show logging

Show memory usage
#show memory
#show blocks

Show NAT/Statics
#show nat
#show global
#show static
#show xlate
#clear xlate global-ip local-ip

Show network/service group objects
# show object-group

Show radius settings
#show aaa
#show radius-server

Show route table
#show route

Show NTP
#show ntp status
#show ntp associations detail

Show SNMP
#show snmp
#show snmp-server

Show TFTP
#show tftp
#show tftp-server

Tech-support/ to get output of all important commands (extensive)
#show tech-support

Show uptime
#show version

User’s/ permissions and authentication
#show user
#show uauth

Show VPN
#show crypto isakmp sa
#show crypto ipsec sa
#show transform-set
#show crypto map

To perform debug
#debug packet
example: #debug packet outside src-ip 192.168.1.2
#debug packet icmp
#show debug
#undebug all

note: never run the command “debug packet outside” and make sure to undebug once the troubleshooting is over