!! Enable the performance monitoring
asdm history enable
!! View data
show asdm history feature <all|blocks|cpu|failover|ids|interface|memory|perfmon|sas|tunnels|xlates>
show asdm history view <10m|60m|12h|5d|all> feature <all|blocks|cpu|failover|ids|interface|memory|perfmon|sas|tunnels|xlates>
- You can leave off the feature keyword to view ALL performance data
show eigrp topology
show eigrp neighbors
debug eigrp neighbor
debug eigrp fsm
router eigrp <as-num> !! AS number must match on neighbors
 no auto-summary
 eigrp router-id 10.0.150.3 !! Name for defining the eigrp, name after interface IP
 redistribute static !! redistribute static routes, can use policy map instead so not ALL statics are distributed
 network 10.0.150.0 255.255.255.0 !! Directly connected network
 network 220.127.116.11 255.255.255.248 !! Directly connected network
 exit
!! configure static routes to point to the interface/IP that you want to monitor and stop advertising the routes when the interface goes down
route <int-to-watch> <network-to-advertise> <subnet> <ip-of-int-to-watch>
access-list no_inspect_ESMTP deny tcp <source> <destination> eq 25
access-list no_inspect_ESMTP permit tcp any any eq 25
class-map no_inspect_ESMTP
 match access-list no_inspect_ESMTP
 exit
policy-map global_policy
 class no_inspect_ESMTP
  inspect ESMTP
  exit
 class inspection_default
  no inspect esmtp
  exit
- It's important that the last ACL entry is specific to port 25 and not all IP. Traffic will break if left as 'ip'
!! Most SPLAT Devices
echo "<NAT-IP> <Physical-Interface-MAC-Address>" >> $FWDIR/conf/local.arp
!! SPLAT Devices with VMAC mode enabled
echo "<NAT-IP> <Virtual-MAC-Address> <Physical-Int-IP>" >> $FWDIR/conf/local.arp
- AutoNATs normally do not require a proxy arp. Ensure "merge manual proxy arp configuration" is enabled in the Global Properties -> NAT
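A typo in a hand-edited local.arp is easy to miss, so the lines can be checked before they are relied on. The function below is an added example, not part of the original notes or any Check Point tooling; it assumes colon-separated MAC addresses and that each NAT IP should appear only once, and the sample entries are constructed.

```shell
# Added example: sanity-check local.arp-style lines in the two layouts shown
# above: "<NAT-IP> <MAC>" or "<NAT-IP> <Virtual-MAC> <Physical-Int-IP>".
# check_local_arp FILE prints one line per problem; returns 0 only if clean.
check_local_arp() {
    awk '
    function is_ip(s,   n, o, i) {
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }
    function is_mac(s,   n, p, i) {
        # Assumption: MACs are written as six colon-separated hex pairs
        n = split(s, p, ":")
        if (n != 6) return 0
        for (i = 1; i <= 6; i++)
            if (p[i] !~ /^[0-9A-Fa-f][0-9A-Fa-f]$/) return 0
        return 1
    }
    /^[ \t]*$/ { next }    # ignore blank lines
    {
        if (NF < 2 || NF > 3) {
            printf "line %d: expected 2 or 3 fields, got %d\n", NR, NF
            bad++; next
        }
        if (!is_ip($1))            { printf "line %d: bad NAT IP %s\n", NR, $1; bad++ }
        if (!is_mac($2))           { printf "line %d: bad MAC %s\n", NR, $2; bad++ }
        if (NF == 3 && !is_ip($3)) { printf "line %d: bad interface IP %s\n", NR, $3; bad++ }
        # Assumption: a NAT IP listed twice is a mistake
        if (seen[$1]++)            { printf "line %d: duplicate entry for %s\n", NR, $1; bad++ }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: two valid lines, one truncated MAC, one duplicate NAT IP
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.0.2.10 00:1c:7f:aa:bb:01
192.0.2.11 00:1c:7f:00:00:fe 10.0.150.3
192.0.2.12 00:1c:7f:aa:bb
192.0.2.10 00:1c:7f:aa:bb:02
EOF
check_local_arp "$sample" || echo "local.arp sample has problems"
rm -f "$sample"
```

On a gateway the same function can be pointed at $FWDIR/conf/local.arp.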
cphaprob -d problem -s problem report !! Performed on active firewall to failover
cphaprob -d problem unregister !! Unregister the problem
- The best place to perform a failover is within the policy. This is for temporary failover purposes. After removing the problem, if the configuration has not been updated, it is likely the firewalls will fail back.