Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 551

    Page 551 23-11 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 23 Configuring QoS Monitoring QoS For traffic shaping, you can only use the class-default class map, which is automatically created by the ASA, and which matches all traffic. You cannot configure traffic shaping and standard priority queuing for the same interface; only hierarchical priority queuing is allowed. See the “How QoS Features Interact” section on page 23-4 for information about valid QoS configurations. You cannot... 
     
23-11
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 23      Configuring QoS
  Monitoring QoS
For traffic shaping, you can only use the class-default class map, which is automatically created by 
the ASA, and which matches all traffic.
You cannot configure traffic shaping and standard priority queuing for the same interface; only 
hierarchical priority queuing is allowed. See the “How QoS Features Interact” section on page 23-4 
for information about valid QoS configurations.
You cannot...

    Page 552

    Page 552 23-12 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 23 Configuring QoS Monitoring QoS Viewing QoS Standard Priority Queue Statistics, page 23-13 Viewing QoS Police Statistics To view the QoS statistics for traffic policing, use the show service-policy command with the police keyword: ciscoasa# show service-policy police The following is sample output for the show service-policy police command: ciscoasa# show service-policy police Global policy: Service-policy: global_fw_policy... 
     
23-12
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 23      Configuring QoS
  Monitoring QoS
Viewing QoS Standard Priority Queue Statistics, page 23-13
Viewing QoS Police Statistics
To view the QoS statistics for traffic policing, use the show service-policy command with the police 
keyword:
ciscoasa# show service-policy police
The following is sample output for the show service-policy police command:
ciscoasa# show service-policy police
Global policy:
Service-policy: global_fw_policy...

    Page 553

    Page 553 23-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 23 Configuring QoS Monitoring QoS Viewing QoS Shaping Statistics To view statistics for service policies implementing the shape command, use the show service-policy command with the shape keyword: ciscoasa# show service-policy shape The following is sample output for the show service-policy shape command: ciscoasa# show service-policy shape Interface outside Service-policy: shape Class-map: class-default... 
     
23-13
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 23      Configuring QoS
  Monitoring QoS
Viewing QoS Shaping Statistics
To view statistics for service policies implementing the shape command, use the show service-policy 
command with the shape keyword:
ciscoasa# show service-policy shape
The following is sample output for the show service-policy shape command:
ciscoasa# show service-policy shape
Interface outside 
  Service-policy: shape
    Class-map: class-default...

    Page 554

    Page 554 23-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 23 Configuring QoS Feature History for QoS Priority-Queue Statistics interface test Queue Type = BE Packets Dropped = 0 Packets Transmit = 0 Packets Enqueued = 0 Current Q Length = 0 Max Q Length = 0 Queue Type = LLQ Packets Dropped = 0 Packets Transmit = 0 Packets Enqueued = 0 Current Q Length = 0 Max Q Length = 0 ciscoasa# In this statistical report, the meaning of the line items is as... 
     
23-14
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 23      Configuring QoS
  Feature History for QoS
Priority-Queue Statistics interface test
Queue Type        = BE
Packets Dropped   = 0
Packets Transmit  = 0
Packets Enqueued  = 0
Current Q Length  = 0
Max Q Length      = 0
Queue Type        = LLQ
Packets Dropped   = 0
Packets Transmit  = 0
Packets Enqueued  = 0
Current Q Length  = 0
Max Q Length      = 0
ciscoasa#
In this statistical report, the meaning of the line items is as...

    Page 555

    Page 555 CH A P T E R 24-1 Cisco ASA Series Firewall ASDM Configuration Guide 24 Troubleshooting Connections and Resources This chapter describes how to troubleshoot the ASA and includes the following sections: Testing Your Configuration, page 24-1 Monitoring Performance, page 24-8 Monitoring System Resources, page 24-9 Monitoring Connections, page 24-11 Monitoring Per-Process CPU Usage, page 24-12 Testing Your Configuration This section describes how to test connectivity for the single mode ASA or for each... 
    CH A P T E R
 
24-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
24
Troubleshooting Connections and Resources
This chapter describes how to troubleshoot the ASA and includes the following sections:
Testing Your Configuration, page 24-1
Monitoring Performance, page 24-8
Monitoring System Resources, page 24-9
Monitoring Connections, page 24-11
Monitoring Per-Process CPU Usage, page 24-12
Testing Your Configuration
This section describes how to test connectivity for the single mode ASA or for each...

    Page 556

    Page 556 24-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 24 Troubleshooting Connections and Resources Testing Your Configuration The diagram should also include any directly connected routers and a host on the other side of the router from which you will ping the ASA. (See Figure 24-1.) Figure 24-1 Network Diagram with Interfaces, Routers, and Hosts Step 2 Ping each ASA interface from the directly connected routers. For transparent mode, ping the management IP address. This test... 
     
24-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 24      Troubleshooting Connections and Resources
  Testing Your Configuration
The diagram should also include any directly connected routers and a host on the other side of the router 
from which you will ping the ASA. (See Figure 24-1.)
Figure 24-1 Network Diagram with Interfaces, Routers, and Hosts
Step 2
Ping each ASA interface from the directly connected routers. For transparent mode, ping the 
management IP address. This test...

    Page 557

    Page 557 24-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 24 Troubleshooting Connections and Resources Testing Your Configuration Figure 24-3 Ping Failure Because of IP Addressing Problems Step 3 Ping each ASA interface from a remote host. For transparent mode, ping the management IP address. This test checks whether the directly connected router can route the packet between the host and the ASA, and whether the ASA can correctly route the packet back to the host. A ping might fail if... 
     
24-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 24      Troubleshooting Connections and Resources
  Testing Your Configuration
Figure 24-3 Ping Failure Because of IP Addressing Problems
Step 3
Ping each ASA interface from a remote host. For transparent mode, ping the management IP address. 
This test checks whether the directly connected router can route the packet between the host and the 
ASA, and whether the ASA can correctly route the packet back to the host.
A ping might fail if...

    Page 558

    Page 558 24-4 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 24 Troubleshooting Connections and Resources Testing Your Configuration Administrators can use the ASDM Ping interactive diagnostic tool in these ways: Loopback testing of two interfaces—A ping may be initiated from one interface to another on the same ASA, as an external loopback test to verify basic “up” status and operation of each interface. Pinging to an ASA—The Ping tool can ping an interface on another ASA to verify that... 
     
24-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 24      Troubleshooting Connections and Resources
  Testing Your Configuration
Administrators can use the ASDM Ping interactive diagnostic tool in these ways:
Loopback testing of two interfaces—A ping may be initiated from one interface to another on the 
same ASA, as an external loopback test to verify basic “up” status and operation of each interface. 
Pinging to an ASA—The Ping tool can ping an interface on another ASA to verify that...

    Page 559

    Page 559 24-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 24 Troubleshooting Connections and Resources Testing Your Configuration Verify that devices in the intermediate communications path, such as switches or routers, are correctly delivering other types of network traffic. Make sure that traffic of other types from “known good” sources is being passed. Choose Monitoring > Interfaces > Interface Graphs. Using the Ping Tool To use the Ping tool, perform the following steps: Step 1In... 
     
24-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 24      Troubleshooting Connections and Resources
  Testing Your Configuration
Verify that devices in the intermediate communications path, such as switches or routers, are 
correctly delivering other types of network traffic. 
Make sure that traffic of other types from “known good” sources is being passed. Choose 
Monitoring > Interfaces > Interface Graphs. 
Using the Ping Tool
To use the Ping tool, perform the following steps:
Step 1In...

    Page 560

    Page 560 24-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 24 Troubleshooting Connections and Resources Testing Your Configuration Determining Packet Routing with Traceroute The Traceroute tool helps you to determine the route that packets will take to their destination. The tool prints the result of each probe sent. Every line of output corresponds to a TTL value in increasing order. The following table lists the output symbols printed by this tool. To use the Traceroute tool, perform... 
     
24-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 24      Troubleshooting Connections and Resources
  Testing Your Configuration
Determining Packet Routing with Traceroute
The Traceroute tool helps you to determine the route that packets will take to their destination. The tool 
prints the result of each probe sent. Every line of output corresponds to a TTL value in increasing order. 
The following table lists the output symbols printed by this tool.
To use the Traceroute tool, perform...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals