I am currently engaged in a role that involves a significant amount of ASA configuration. Having worked on Unified Comms and R&S for most of the last 5 years, I never really had a fascination for anything firewall-related (especially not for the other brand called Checkpoint, crackpoint, schmeckpoint or whatever its name is). However, having worked on an ASA 5585 for the last few weeks, I guess it's time for a post related to this. This piece of kit is the dog's bollocks and (according to Cisco) capable of holding 10 million concurrent connections, blah blah blah, enough about that.
One of the first things I had to brush up on was my troubleshooting skills on this thing, with customers saying things like: "our end users can't connect to www.whatever.com.au on port 443". This post, and possibly more posts to follow, will address what troubleshooting tools are available to diagnose issues like this. It will be a more general post for a wider audience. This post is based on CSM 4.2, but I am pretty sure most of it can be used on ASDM as well.
Packet tracer, my favourite tool. I use this all the time to quickly verify whether traffic goes from A to B (or not), which ACL it hits and which NAT rules apply.