IT Workbooks Everything Center Share Knowledge

www.itworkbooks.wordpress.com

Tech Commands for Cisco ASA Firewall

**********************
Cisco Pix/ASA
**********************

// PACKET CAPTURE
access-list cap permit ip host <source> host <destination>
access-list cap permit ip host <destination> host <source>
capture name_in access-list cap int <inside-interface>
capture name_out access-list cap int <outside-interface>
cap asp type asp-drop all

You can also use the "match" parameter with capture instead of using ACLs:
capture m_cap interface outside match ip host 127.0.0.1 any

Use "show cap <name>" to display results.

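A complete capture session from setup to teardown, as an added example that is not part of the original post. The addresses (192.0.2.10, 198.51.100.20), the capture names (cap_in, cap_out), the interface names (inside, outside) and the TFTP placeholder are assumptions; substitute your own.

```cisco
! Constructed sample values: 192.0.2.10 = inside host, 198.51.100.20 = outside host.
! Match both directions so requests and replies are both captured.
access-list cap extended permit ip host 192.0.2.10 host 198.51.100.20
access-list cap extended permit ip host 198.51.100.20 host 192.0.2.10

! One capture per interface, each with a bounded buffer (bytes) so a busy
! flow cannot consume more memory than intended.
! Note: a capture sees packets as they appear on that interface. If the
! inside host is translated, the outside capture must match the mapped
! address instead of the real one.
capture cap_in access-list cap interface inside buffer 1048576
capture cap_out access-list cap interface outside buffer 1048576

! Capture packets dropped by the accelerated security path, with drop reason.
capture asp type asp-drop all

! List the defined captures and how many bytes each has collected.
show capture

! Compare the two sides: traffic present in cap_in but absent from cap_out
! was dropped or not routed by the firewall.
show capture cap_in
show capture cap_out
show capture asp | include 192.0.2.10

! Optional: export as pcap for offline analysis (placeholder server).
copy /pcap capture:cap_in tftp://<tftp-server>/cap_in.pcap

! Teardown: captures hold packet payloads in memory and keep running until
! removed, so delete them and the helper ACL when finished.
no capture cap_in
no capture cap_out
no capture asp
clear configure access-list cap
```
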
// STATIC
(HL) HH        NONAT
(HL) LH        1-to-1
static (inside,outside) 64.0.0.0 192.168.1.0 netmask 255.255.255.0
//if removing a static, use the following


***NATs follow this order: nat 0 -> Statics -> globals + nats

// SET BACKUP AS PRIMARY


// VARIOUS
name <ip> <desired alias>
route <interface> <ip address to be routed> <subnet mask> <gateway IP>

// COPY CONFIG
conf t
names
sh ru | grep -v
no names
exit

// CREATING AN INTERFACE

conf t
interface GigabitEthernet0/2.40
description Merchant DMZ
vlan 40
nameif mercdmz
security-level 5
ip address 192.168.1.2 255.255.255.0 standby 192.168.1.3
exit

// Cisco VPN Commands

 **Shows current tunnels and their status
 **Shows stats on each tunnel (in/out packet counts)
 **Shows encryption settings for all policies
 **Shows parameters for each peer / tunnel

//Set how many lines per page
term pager 0
// Setup logging debug
sh run logg
logg buffered debugg
logg buffer-size 1048576
sh logg | in  10.x.x.x (IP configured for logging)