Cisco Systems OL-16647-01 Network Router User Manual


B-6
Cisco ASDM User Guide
OL-16647-01
Appendix B Troubleshooting
Reloading the Security Appliance
Step 4 (Optional) To disable the ICMP inspection engine, enter the following command:
hostname(config)# no service-policy ICMP-POLICY
Traceroute
You can trace the route of a packet using the traceroute feature, which is accessed with the traceroute
command. A traceroute works by sending UDP packets to a destination on an invalid port. Because the
port is not valid, the routers along the way to the destination respond with an ICMP Time Exceeded
Message, and report that error to the security appliance.
For more information, see Traceroute.
Packet Tracer
In addition, you can use the packet tracer tool to trace the lifespan of a packet through the security
appliance and see whether the packet is being processed correctly. This tool lets you do the following:
Debug all packet drops in a production network.
Verify the configuration is working as intended.
Show all rules applicable to a packet, along with the CLI commands that caused the rule addition.
Show a time line of packet changes in a data path.
Inject tracer packets into the data path.
The packet-tracer command provides detailed information about the packets and how they are
processed by the security appliance. If a command from the configuration did not cause the packet to
drop, the packet-tracer command will provide information about the cause in an easily readable
manner. For example, when a packet is dropped because of an invalid header validation, the following
message appears: “packet dropped due to bad ip header (reason).”
For more information, see Packet Tracer.
Reloading the Security Appliance
In multiple mode, you can only reload from the system execution space. To reload the security appliance,
enter the following command:
hostname# reload
Recovering from a Lockout
In some circumstances, when you turn on command authorization or CLI authentication, you
can be locked out of the security appliance CLI. You can usually recover access by
restarting the security appliance. For information on common lockout conditions and how
you might recover from them, see