Cisco ASA 5505 User Manual

82-2

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 82 Troubleshooting

Testing Your Configuration

Enabling ICMP Debugging Messages and Syslog Messages

Debugging messages and syslog messages can help you troubleshoot why your pings are not successful.
The ASA only shows ICMP debugging messages for pings to the ASA interfaces, and not for pings
through the ASA to other hosts. To enable debugging and syslog messages, perform the following steps:

To enable ICMP inspection to the default global policy, perform the following steps:

Command

Purpose

Step 1

debug icmp trace

Example:

hostname(config)# debug icmp trace

Shows ICMP packet information for pings to the ASA interfaces.

Step 2

logging monitor debug

Example:

hostname(config)# logging monitor debug

Sets syslog messages to be sent to Telnet or SSH sessions.

Note

You can alternately use the logging buffer debug
command to send log messages to a buffer, and then view
them later using the show logging command.

Step 3

terminal monitor

Example:

hostname(config)# terminal monitor

Sends the syslog messages to a Telnet or SSH session.

Step 4

logging on

Example:

hostname(config)# logging on

Enables syslog message generation.

Command

Purpose

Step 1

policy-map

name

Example:

hostname(config)# policy-map global_policy

Configures the policy map and attach the action to the class of
traffic.

Step 2

class

classmap_name

Example:

hostname(config-pmap)# class

inspection_default

Assigns a class map to the policy map so that you can assign
actions to the class map traffic.

Step 3

inspect icmp

Example:

hostname(config)# inspect icmp

Enables ICMP inspection.