ASA Cheat Sheet
Untested ASA Commands
I have not tested some of these yet, but documented them as a starting point when walking the command tree. I strongly recommend against blindly running commands when you are unsure how they will affect your device.
ASA Password Reset
hostname# configure terminal
hostname(config)# password <new_password>
hostname(config)# write memory
hostname(config)# reload
Most useful commands
Command | Description |
---|---|
show interface | Displays the status of all interfaces on the ASA, including physical and logical interfaces like VLANs. |
show interface ethernet <interface_name> | Provides detailed information about a specific Ethernet interface, including its status, configuration, statistics, and current operational state. |
show interface ip brief | Gives a brief overview of the IP configuration for all interfaces on the ASA, including IP addresses, status, method of obtaining an IP, and name. |
show conn | Displays the current connections through the firewall, including source and destination IP addresses, ports, protocol, state, and flags. |
show arp | Shows the ARP cache table, which maps IP addresses to MAC addresses. Useful for troubleshooting Layer 2 connectivity issues. |
show route | Displays the routing table of the ASA, including directly connected networks, static routes, and dynamically learned routes. |
show failover | Provides information about the failover status and configuration of the ASA in a high availability setup. |
show version | Shows the hardware and software version of the ASA, including the model, serial number, operating system version, uptime, licensed features, etc. |
show vpn-sessiondb | Displays information about active VPN sessions on the ASA, including remote peer IP address, VPN group, encryption algorithm, and session duration. |
show crypto isakmp sa | Shows active Internet Security Association and Key Management Protocol (ISAKMP) security associations (SAs) on the ASA. |
show crypto ipsec sa | Displays active IPsec SAs (tunnels) on the ASA, including source and destination IP addresses, encryption and authentication algorithms, and status. |
show access-list | Displays configured access control lists (ACLs) and their hit counts. Useful for troubleshooting traffic filtering issues. |
show firewall | Shows firewall counters, including packets allowed, dropped, and denied. Helpful for monitoring overall firewall activity. |
show asp drop | Displays dropped packets and reasons for dropping at the ASA’s hardware level. Useful for troubleshooting packet drops. |
show logging | Shows the ASA’s logging buffer, including system messages, debug messages, and VPN logs. Helpful for troubleshooting and monitoring. |
show service-policy | Displays the service policy applied to an interface, including traffic statistics and packet drops. Useful for checking QoS configurations. |
show cpu usage | Shows CPU utilization statistics on the ASA. Useful for identifying high CPU load and performance issues. |
show memory | Displays memory usage statistics on the ASA. Helpful for monitoring memory utilization and identifying potential memory leaks. |
show processes | Shows CPU utilization breakdown by processes running on the ASA. Useful for identifying processes consuming CPU resources. |
show conn detail | Provides detailed information about active connections, including timeout values, NAT translation, and connection flags. |
show asp table conn | Displays the connection table maintained by the ASA’s hardware acceleration (ASP). Useful for troubleshooting connection-related issues. |
show asp table drop | Shows packets dropped by the ASA’s hardware acceleration (ASP). Helpful for identifying reasons for packet drops. |
show capture | Displays captured packets on the ASA for troubleshooting purposes. Allows filtering packets based on criteria such as source, destination, or interface. |
show cluster info | Provides information about the clustering status and configuration of ASA firewalls in a cluster. Helpful for troubleshooting clustering issues. |
show memory detail | Shows detailed memory usage statistics, including memory pools and allocation. Useful for identifying memory utilization patterns. |
show processes cpu-usage | Displays CPU utilization by processes in real-time. Useful for identifying processes causing high CPU load. |
show running-config | Displays the current running configuration of the ASA. Useful for reviewing and verifying the configuration. |
show startup-config | Shows the startup configuration stored in NVRAM. Helpful for comparing the current running configuration with the saved startup configuration. |
show tech-support | Generates a detailed technical support report, including configuration, logs, and hardware information. Useful for troubleshooting complex issues. |
show traffic | Displays real-time traffic statistics on the ASA, including packets and bytes transmitted and received on each interface. |
Failover related
Command | Description |
---|---|
show failover | Displays information about the failover status and configuration of the ASA in a high availability setup. |
show failover history | Shows the history of failover events, including state transitions and configuration changes. |
show failover state | Displays the current failover state of the ASA, including the unit’s role (active or standby) and the state of failover interfaces. |
show failover exec | Displays the commands that are currently being executed on the standby unit due to failover events. |
show failover exec mate | Displays the commands that are currently being executed on the primary unit and synchronized to the standby unit. |
show failover statistics | Provides statistics related to failover events, including the number of state transitions and interface failures. |
show failover replication | Displays information about the replication status of configuration and state information between primary and standby units. |
show failover replication details | Shows detailed information about the replication status of specific types of data, such as interface status or configuration. |
show failover state-compact | Displays a compact version of the failover state, showing only critical information such as unit role and interface status. |
show failover history-compact | Shows a compact version of the failover history, providing a summary of recent failover events. |
show failover license | Displays information about the failover license status, including the number of licensed failover units and any license-related errors. |
show failover link | Displays information about the failover link, including interface status, IP addresses, and configuration settings. |
show failover mac | Shows the MAC addresses used for failover communication between ASA units. |
show failover statistics packet-drop | Provides statistics on packet drops related to failover, including reasons for drops and interface-specific information. |
show failover statistics standby | Displays statistics related to the standby unit’s operation, such as time spent in different failover states and interface status. |
show failover statistics active | Shows statistics related to the active unit’s operation, including uptime, time spent in different failover states, and interface status. |
show failover history | Displays a history of failover events, including state transitions and configuration changes. |
show failover history detail | Shows detailed information about failover events, including timestamps, event types, and affected configurations. |
show failover history configuration | Displays configuration changes related to failover, such as changes to failover settings and interface configurations. |
show failover history interface | Shows events related to interface state changes in the failover history, including interface name, state, and reason for the change. |
show failover history state-transitions | Provides a history of failover state transitions, including timestamps, previous and current states, and reasons for transitions. |
show failover history system-uptime | Displays the system uptime history, including timestamps for system reboots and failover events. |
System Related
Command | Description |
---|---|
show cpu usage | Displays CPU utilization statistics on the ASA, including overall CPU usage and usage breakdown by processes. |
show processes cpu-usage | Provides real-time CPU utilization statistics by individual processes running on the ASA. |
show memory | Displays memory usage statistics on the ASA, including total memory, used memory, and free memory. |
show memory detail | Shows detailed memory usage statistics, including memory pools, allocation, and utilization by process. |
show processes memory | Displays memory usage statistics by individual processes running on the ASA. Useful for identifying memory-intensive processes. |
show memory allocating-process | Shows memory allocation statistics for individual processes running on the ASA. Helpful for troubleshooting memory leaks. |
show disk0: | Displays information about the disk0: filesystem, including total disk space, used space, and available space. |
show disk0: filesystem | Provides detailed information about the disk0: filesystem, including file system type, total blocks, and blocks used. |
show disk0: filesystem usage | Shows disk space usage statistics for the disk0: filesystem, including total space, used space, and available space. |
show disk0: filesystem fragmentation | Displays fragmentation information for the disk0: filesystem, including fragmentation percentage and number of fragments. |
show flash: | Displays information about the flash: filesystem, including total flash memory, used space, and available space. |
show flash: filesystem | Provides detailed information about the flash: filesystem, including file system type, total blocks, and blocks used. |
show flash: filesystem usage | Shows flash space usage statistics for the flash: filesystem, including total space, used space, and available space. |
show flash: filesystem fragmentation | Displays fragmentation information for the flash: filesystem, including fragmentation percentage and number of fragments. |
show crashinfo | Displays information about crash files stored in memory or on disk, including crash time, reason, and associated processes. |
show crashinfo detail | Provides detailed information about crash files, including crash dump contents, stack traces, and memory state at the time of the crash. |
show crashinfo crashdisk | Displays crash files stored on disk and their details, including crash time, reason, and associated processes. |
show crashinfo crashdisk <file_name> | Displays detailed information about a specific crash file stored on disk. |
show version | Shows the hardware and software version of the ASA, including the model, serial number, operating system version, and licensed features. |
show platform hardware | Displays hardware information about the ASA platform, including CPU type, memory size, and installed hardware modules. |
show platform hardware chassis-info | Provides chassis information for the ASA platform, including serial number, asset ID, and hardware revision. |
show platform hardware throughput | Shows throughput capacity and limitations of the ASA hardware platform. |
show platform hardware throughput level | Displays the current throughput level configured on the ASA hardware platform. |
show environment | Provides environmental information about the ASA, including temperature, voltage, and fan status. |
show environment temperature | Displays temperature sensor readings for various components on the ASA. |
show environment fan | Shows fan status and RPM (revolutions per minute) readings for fan units installed in the ASA. |
show environment power-supply | Provides power supply status and voltage readings for power supply units installed in the ASA. |
show io | Displays input/output (I/O) statistics for various interfaces and subsystems on the ASA, including interface counters and throughput. |
show io eth0/0 | Provides detailed I/O statistics for a specific Ethernet interface on the ASA. |
VPN Related
Command | Description |
---|---|
show crypto isakmp sa | Displays active ISAKMP security associations (SAs). |
show crypto ipsec sa | Displays active IPsec security associations (SAs). |
show crypto engine | Provides information about cryptographic hardware accelerators. |
show crypto key mypubkey rsa | Displays the RSA public key for the ASA. |
show crypto key mypubkey rsa <key_id> | Shows a specific RSA public key identified by its key ID. |
show crypto key mypubkey ec | Displays the Elliptic Curve (EC) public key for the ASA. |
show crypto key mypubkey ec <key_id> | Shows a specific EC public key identified by its key ID. |
show crypto key pubkey-chain rsa | Displays the RSA public key chain for the ASA. |
show crypto key pubkey-chain ec | Displays the EC public key chain for the ASA. |
show crypto ca certificates | Shows information about certificates stored in the ASA’s certificate authority (CA) trustpoint. |
show crypto ca certificate <certificate_name> | Displays details of a specific certificate stored in the CA trustpoint. |
show crypto ca certificate chain <certificate_name> | Shows the certificate chain for a specific certificate. |
show crypto ca trustpoint | Displays information about configured CA trustpoints. |
show crypto ca trustpoint <trustpoint_name> | Shows details of a specific CA trustpoint. |
show vpn-sessiondb | Displays information about active VPN sessions. |
show vpn-sessiondb detail | Shows detailed information about active VPN sessions. |
show vpn-sessiondb filter protocol <protocol> | Filters VPN sessions based on the specified protocol (e.g., IKEv1, IKEv2, SSL). |
show vpn-sessiondb filter group-policy <group_policy_name> | Filters VPN sessions based on the assigned group policy. |
show vpn-sessiondb filter username <username> | Filters VPN sessions based on the username. |
show vpn-sessiondb filter state <session_state> | Filters VPN sessions based on session state (e.g., UP, DOWN). |
show vpn-sessiondb filter bytes | Filters VPN sessions based on the amount of data transferred during the session. |
show vpn-sessiondb filter duration | Filters VPN sessions based on session duration. |
show crypto isakmp policy | Displays configured ISAKMP (IKE Phase 1) policies. |
show crypto ipsec transform-set | Shows configured IPsec transform sets. |
show crypto map | Displays configured crypto maps and associated parameters. |
show crypto map interface <interface> | Shows the applied crypto map on a specific interface. |
show crypto dynamic-map | Displays configured dynamic crypto maps. |
show crypto isakmp key | Shows preshared keys configured for ISAKMP authentication. |
show crypto map tag <tag> | Displays the configuration of a specific crypto map identified by its tag. |
show crypto session detail | Shows detailed information about active crypto sessions. |