1. 在ASA5520配置syslog服务
logging enable
logging trap informational
logging host inside 172.16.99.200(内网装有syslog电脑)
2.ping 172.16.99.200
3.show xltae
4.show conn
5.access-list test permit ip host ip (inside) host ip(outside)
access-list test permit ip host ip (outside) host ip (inside)
6.show access-list test
7.capture inside access-list test buffer 10000000 interface inside interface outside
capture outside access-list test buffer 10000000 interface outside interface inside
8.show access-list test(可以看到数据的流向)
9.show capture (可以看到数据包的大小)
10.copy /pcap capture:inside tftp://172.16.99.200
copy /pcap capture:outside tftp://172.16.99.200
11.no access-list test permit ip 去掉
no capture inside
no capture outside
clear capture inside
clear capture outside