ASA Real-time Capture with ACL

A quick ACL for use with the capture command in the ASA. Use "host x.x.x.x" or "x.x.x.0 255.255.255.0" in the target boxes and it will reverse to see traffic in both directions. NOTE: It clears config on the ACL so be sure you've got the right ACL!

awfki
February 19, 2014
Name of ACL

First host or Subnet

Second host or Subnet

Name of interface to capture on

conf t
clear config access-list %{ACLNAME}%
access-list %{ACLNAME}% extended permit ip %{TARGET1}% %{TARGET2}%
access-list %{ACLNAME}% extended permit ip %{TARGET2}% %{TARGET1}%
end
capture %{ACLNAME}% int %{INTNAME}% access-list %{ACLNAME}% real-time