Diagnostic Commands and Tools
The importance of the show and debug commands cannot be overemphasized for IOS firewall troubleshooting. Although show commands are useful to find the actual status of a connection, debug commands provide the details of the connections. Details about the show and debug commands are discussed in the following sections:
show Commands
The show command for CBAC that is available on the Cisco IOS router has the following options:
show ip inspect {name inspection-name | config | interfaces | session [detail] | all}
The most commonly used command is show ip inspect session detail, which shows the status of the session and other meaningful information as shown in Example 5-11: