ASA


Packet Tracer uses a simplified model of the Cisco Adaptive Security Appliance Software. Click on the CLI tab in the ASA configuration window to access the Cisco command line interface. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the command tree for Packet Tracer ASA. The tree contains only command chains that are supported in Packet Tracer.

 

User Mode

  • enable [ <0-15> ]
  • exit
  • logout
  • ping [ ip | ipv6 | WORD ]
  • quit
  • show
    • version
  • traceroute [ ip | WORD ]

Enable Mode

  • configure [ terminal ]
  • copy
    • disk0:
      • running-config
      • startup-config
      • tftp:
    • flash:
      • running-config
      • startup-config
      • tftp:
    • running-config
      • disk0:
      • flash:
      • startup-config
      • tftp:
    • startup-config
      • disk0:
      • flash:
      • running-config
      • tftp:
    • tftp:
      • disk0:
      • flash:
      • running-config
      • startup-config
  • dir
  • exit
  • logout
  • ping [ ip | ipv6 | WORD ]
    • tcp [ ip | ipv6 | WORD ]
  • reload
  • show
    • access-list
    • activation-key
    • arp
    • clock
    • crypto
      • isakmp [ sa ]
      • ipsec [ sa ]
      • map
      • crypto key mypubkey rsa
    • dhcpd
      • binding all
      • state
    • disk0:
    • file system
    • flash:
    • interface
      • inside
      • outside
      • Ethernet <0>/<0-7>
      • Vlan [<1-4090>]
      • ip brief
    • ip address
    • ipv6
      • access-list
      • interface brief
      • neighbor
      • route
    • nat
    • ntp status
    • route
    • running-config
    • ssh
    • startup-config
    • switch vlan
    • version
    • vlan
    • xlate
  • traceroute [ ip | WORD ]
  • write [ erase | memory ]

Global Mode

  • aaa
    • authentication
      • ssh
        • console LOCAL
      • telnet
        • console LOCAL
  • access-group [ WORD ]
    • in [ interface ] [inside | outside ]
    • out [ interface ] [inside | outside ]
  • access-list [ WORD ]
    • [ deny | permit ]
      • [ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ]
      • [ icmp | icmp6 | object-group WORD | tcp | udp ]
        • [A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ]
          • [ echo | echo-reply | unreachable ]
    • extended
      • [ deny | permit ]
        • [ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ]
        • [ icmp | icmp6 | object-group WORD | tcp | udp ]
          • [A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ]
            • [ echo | echo-reply | unreachable ]
  • class-map WORD
  • clock set hh:mm:ss [ MONTH | Day of Month] [ Day of Month | MONTH ] [ Year ]
  • configure terminal
  • crypto
    • ikev1
      • policy [ 1-65535 ]
      • enable [ inside | outside ]
    • ipsec
      • ikev1 transform-set WORD
        • [ esp-3des | esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-md5-hmac | esp-sha-hmac] [ esp-md5-hmac | esp-sha-hmac ]
      • security-association lifetime seconds <120-2147483647>
    • key generate rsa modulus [ 1024 | 2048 | 512 | 768 ]
    • map WORD
      • interface [ inside | outside ]
      • <1-65535>
        • match address WORD
        • set
          • ikev1 transform-set [ WORD ]
          • peer [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ]
          • security-association lifetime seconds <120-2147483647>
  • dhcpd
    • address [ WORD ] [ inside | outside ]
    • auto-config [ inside | outside ]
    • dns [ Hostname | A.B.C.D ] interface [ inside | outside ]
    • domain [ WORD ] interface [ inside | outside ]
    • enable [ inside | outside ]
    • lease <300-1048575> [ inside | outside ]
  • domain-name [ WORD ]
  • enable password [ WORD ] [ encrypted | level <1-15> encrypted ]
  • end
  • exit
  • group-policy [ WORD ] [ attributes | internal ]
  • hostname WORD
  • http
    • [ WORD ] [ A.B.C.D ] [ inside | outside ]
    • enable
    • X:X:X:X::X/<0-128> [ inside | outside ]
  • interface
    • Ethernet <0>/<0-7>
    • Vlan <1-4090>
  • ipv6
    • access-list WORD
      • [ deny | permit ]
        • [ icmp | icmp6 | object-group WORD | tcp | udp ]
          • [A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ]
            • [ echo | echo-reply | unreachable ]
    • route [ inside | outside ] [ Hostname | X:X:X:X::X ] [ <1-255> ]
  • name [ A.B.C.D | X:X:X:X::X ] [ WORD ]
  • names
  • no
    • aaa
      • authentication
        • ssh
          • console LOCAL
        • telnet
          • console LOCAL
    • access-group [ WORD ]
      • in [ interface ] [inside | outside ]
      • out [ interface ] [inside | outside ]
    • access-list [ WORD ]
      • [ deny | permit ]
        • [ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ]
        • [ icmp | icmp6 | object-group WORD | tcp | udp ]
          • [A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ]
            • [ echo | echo-reply | unreachable ]
      • extended
        • [ deny | permit ]
          • [ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ]
          • [ icmp | icmp6 | object-group WORD | tcp | udp ]
            • [A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ]
              • [ echo | echo-reply | unreachable ]
    • class-map WORD
    • clock set hh:mm:ss [ MONTH | Day of Month] [ Day of Month | MONTH ] [ Year ]
    • configure terminal
    • crypto
      • ikev1
        • policy [ 1-65535 ]
        • enable [ inside | outside ]
      • ipsec
        • ikev1 transform-set WORD
          • [ esp-3des | esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-md5-hmac | esp-sha-hmac] [ esp-md5-hmac | esp-sha-hmac ]
        • security-association lifetime seconds <120-2147483647>
      • key generate rsa modulus [ 1024 | 2048 | 512 | 768 ]
      • map WORD
        • interface [ inside | outside ]
        • <1-65535>
          • match address WORD
          • set
            • ikev1 transform-set [ WORD ]
            • peer [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ]
            • security-association lifetime seconds <120-2147483647>
    • dhcpd
      • address [ WORD ] [ inside | outside ]
      • auto-config [ inside | outside ]
      • dns [ Hostname | A.B.C.D ] interface [ inside | outside ]
      • domain [ WORD ] interface [ inside | outside ]
      • enable [ inside | outside ]
      • lease <300-1048575> [ inside | outside ]
    • domain-name [ WORD ]
    • enable password [ WORD ] [ encrypted | level <1-15> encrypted ]
    • end
    • exit
    • group-policy [ WORD ] [ attributes | internal ]
    • hostname WORD
    • http
      • [ WORD ] [ A.B.C.D ] [ inside | outside ]
      • enable
      • X:X:X:X::X/<0-128> [ inside | outside ]
    • interface
      • Ethernet <0>/<0-7>
      • Vlan <1-4090>
    • ipv6
      • access-list WORD
        • [ deny | permit ]
          • [ icmp | icmp6 | object-group WORD | tcp | udp ]
            • [A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ]
              • [ echo | echo-reply | unreachable ]
      • route [ inside | outside ] [ Hostname | X:X:X:X::X ] [ <1-255> ]
    • name [ A.B.C.D | X:X:X:X::X ] [ WORD ]
    • names
    • ntp
      • authenticate
      • authentication-key <1-4294967295> md5 WORD [ <0-4294967295> ]
      • server A.B.C.D [ key <0-4294967295> ]
      • trusted-key <1-4294967295>
    • object network [ WORD ]
    • object-group service [ WORD ]
      • tcp
      • tcp-udp
      • udp
    • passwd [ WORD ] encrypted
    • policy-map
      • WORD
      • type inspect dns WORD
    • route [ inside | outside ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [<1-255>]
    • service-policy [ WORD ] [ global | interface inside | interface outside ]
    • setup
    • ssh
      • WORD A.B.C.D [ inside | outside ]
      • X:X:X:X::X/<0-128> [ inside | outside ]
      • timeout <1-1440>
    • telnet
      • WORD A.B.C.D [ inside | outside ]
      • X:X:X:X::X/<0-128> [ inside | outside ]
      • timeout <1-1440>
    • tunnel-group [ WORD ]
      • general-attributes
      • ipsec-attributes
      • type [ ipsec-121 | remote-access ]
    • username [ WORD ] [ attributes | password WORD encrypted ]
    • webvpn
  • ntp
    • authenticate
    • authentication-key <1-4294967295> md5 WORD [ <0-4294967295> ]
    • server A.B.C.D [ key <0-4294967295> ]
    • trusted-key <1-4294967295>
  • object network [ WORD ]
  • object-group service [ WORD ]
    • tcp
    • tcp-udp
    • udp
  • passwd [ WORD ] encrypted
  • policy-map
    • WORD
    • type inspect dns WORD
  • route [ inside | outside ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [<1-255>]
  • service-policy [ WORD ] [ global | interface inside | interface outside ]
  • setup
  • ssh
    • WORD A.B.C.D [ inside | outside ]
    • X:X:X:X::X/<0-128> [ inside | outside ]
    • timeout <1-1440>
  • telnet
    • WORD A.B.C.D [ inside | outside ]
    • X:X:X:X::X/<0-128> [ inside | outside ]
    • timeout <1-1440>
  • tunnel-group [ WORD ]
    • general-attributes
    • ipsec-attributes
    • type [ ipsec-121 | remote-access ]
  • username [ WORD ] [ attributes | password WORD encrypted ]
  • webvpn

Ethernet Interface Mode

  • exit
  • ip
    • address
      • A.B.C.D A.B.C.D
      • dhcp
  • nameif [ WORD ]
  • security-level <0-100>
  • shutdown
  • switchport access vlan <1-4090>

VLAN Interface Mode

  • exit
  • forward
  • ip
    • address
      • A.B.C.D A.B.C.D
      • dhcp
  • ipv6
    • access-list [ WORD ] [ deny | permit ]
      • [ icmp | icmp6 | object-group WORD | tcp | udp ]
        • [A.B.C.D A.B.C.D | any A.B.C.D | host A.B.C.D | object WORD A.B.C.D ]
          • [ echo | echo-reply | unreachable ]
    • route
  • nameif [ WORD ]
  • security-level <0-100>
  • shutdown

Class-Map Configuration Mode

  • exit
  • match
    • access-list [ WORD ]
    • any
    • default-inspection-traffic

Group-policy Configuration Mode

  • exit
  • webvpn
  • vpn-tunnel-protocol ssl-clientless

Object Configuration Mode

  • description [ LINE ]
  • host [ A.B.C.D | X:X:X:X::X ]
  • nat ( Open parenthesis for (<internal_if_name>,<external_if_name>) pair
  • subnet [ A.B.C.D A.B.C.D | X:X:X:X::X<0-128>]

Object-group Configuration Mode

  • description [ LINE ]
  • port-object
    • eq [ domain | www | <0-65535> ]
    • range [ <0-65535> ] [ <0-65535> ]

Webvpn Configuration Mode

  • enable password [ WORD ] [ encrypted | level <1-15> encrypted ]
  • exit

Rommon Mode

  • address addr
  • boot args
  • clear
  • confreg value
  • dev
  • file name
  • gateway addr
  • help
  • history
  • interface name
  • reboot
  • reload
  • repeat arg
  • reset
  • server addr
  • set
  • show cmd
  • tftpdnld
  • unset varname