Recently, when replacing an ASA5510 with a new ASA5545X, I noticed the NAT was not working for a couple of public IPs. I used the following command to capture any packets attempting to hit that IP. The problem ended up being an ARP cache issue that had to involve the provider. Something to keep in mind with fiber services – the device on site is not a layer 3 device; it only converts fiber to copper. The device that needed to be flushed was at the provider end, miles away.

cap o type raw-data int OUTSIDE match ip any host 60.33.70.69

show cap
