On the bottom of the display you will see a minus sign and an exclamation mark, like so.
Perfect Draft Exclamation Mark Solution
Theres two reasons that you will see this, firstly your keg has been in the machine more than 30 days, or you have powered off your Perfect Draft Machine, and changed kegs.
Remember always leave your machine ON when changing kegs!.
To fix this, you can either use the Plus & Minus keys to change the figure back to 30, of if you’ve changed kegs, leave the machine powered on, and remove / replace the keg.
Related Articles, References, Credits, or External Links
Packet-tracer is a brilliant troubleshooting tool, but sometimes interpreting the output proves to be more difficult that actually fixing the problem.
If your output fails at the access-list section this is the sort of thing you will see;
[box]
Petes-ASA# packet-tracer input inside tcp 10.2.2.10 80 123.123.123.123 80----Output removed for the sake of brevity---
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: DMZ
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
[/box]
Solution
1. Re-run the packet-tracer and append the keyword ‘detailed’ on the end.
2. At this point if you are being specifically blocked by a ‘deny’ rule it should tell you like so;
[box]
Type: ACCESS-LIST
Subtype: log
Result: DROP
Config:
access-group outbound in interface inside <--
access-list outbound extended deny ip any any <--
Additional Information:
Forward Flow based lookup yields rule:
in id=0xbb9ba040, priority=13, domain=permit, deny=true
hits=0, user_data=0xb94669e0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: DMZ
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
[/box]
3. Or you may see output like the following, this indicates you are being denied by the ‘implicit rule’.
[box]
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule<--
Additional Information:
Forward Flow based lookup yields rule:
in id=0xbc057320, priority=11, domain=permit, deny=true
hits=8, user_data=0x5, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: DMZ
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
[/box]
If you didn’t already know,as soon as you allow one piece of traffic though an interface with an ACL, everything else is blocked, it’s called the ‘implicit deny rule’. At the end of every ACL there is a deny, so if you traffic does not match any of the rules it gets dropped. So find the ACL name and add the traffic you want to it.
[box]
Petes-ASA# show run access-group
access-group outbound in interface inside
Petes-ASA# configure terminal
Petes-ASA(config)# access-list outbound permit tcp host 10.2.2.20 host 123.123.123.123 eq 80
[/box]
It Still Does Not Work!
There is another reason, that the traffic can be blocked by the ‘Implicit Rule’ if both interfaces have the same security level like so;
[box]
Petes-ASA# show run interface
!
interface GigabitEthernet0
nameif outside
security-level 0
ip address 192.168.253.254 255.255.255.0
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 10.1.1.1 255.255.0.0
!
interface GigabitEthernet2
nameif Partner
security-level 100
ip address 123.123.123.1 255.255.255.0
!
[/box]
To fix that you need to allow traffic between interfaces with the same security level;