
Mailing List Archive: Cisco: NSP

VPN traffic


rmikisa at gmail

Nov 18, 2009, 4:40 AM

Post #1 of 2 (272 views)
VPN traffic

Dear all,

In trying to troubleshoot VPN traffic on a Cisco ASA 5520, is it possible to
debug the actual traffic in the tunnel? Scenario: Site to site tunnel comes
up but either side cannot reach the remote nodes beyond the firewalls.

Regards,
Richard

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


rwest at zyedge

Nov 18, 2009, 5:24 AM

Post #2 of 2 (256 views)
Re: VPN traffic

Hi,

> -----Original Message-----
> From: cisco-nsp-bounces [at] puck [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Mikisa Richard
> Sent: Wednesday, November 18, 2009 7:40 AM
>
> Dear all,
>
> In trying to troubleshoot VPN traffic on a Cisco ASA 5520, is it possible to
> debug the actual traffic in the tunnel? Scenario: Site to site tunnel comes
> up but either side cannot reach the remote nodes beyond the firewalls.
>

Can you describe your scenario in a little more detail? Is the firewall inline with all traffic? If it's not, you're probably hitting a routing issue. With just informational level buffer logging, you should be able to see why the traffic might be failing. If you want to process the traffic through your ACLs and watch for hits there, you can disable sysopt permit-vpn.

-ryan
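
The log triage suggested in the reply above, as an added example that is not part of the original thread: it reads buffered ASA log lines and counts the likely reason traffic to the remote site failed. The sample lines, the remote subnet 10.2.0.0/24 and the cause labels are constructed for illustration; the message IDs are standard ASA syslog numbers.

```python
import ipaddress
import re
from collections import Counter

# Standard ASA syslog message IDs mapped to a likely cause. The cause
# wording is this example's own summary, not text from the thread.
CAUSES = {
    "106023": "denied by interface ACL",
    "110002": "no egress interface (routing)",
    "110003": "no next-hop route (routing)",
    "305005": "no NAT translation (missing NAT exemption?)",
    "302013": "TCP connection built (traffic passed)",
    "302015": "UDP connection built (traffic passed)",
}
HEADER = re.compile(r"%ASA-\d-(\d{6}):")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(lines, remote_net):
    """Count likely causes over log lines that mention a host in remote_net."""
    net = ipaddress.ip_network(remote_net)
    causes = Counter()
    for line in lines:
        m = HEADER.search(line)
        if not m or m.group(1) not in CAUSES:
            continue
        for text in IPV4.findall(line):
            try:
                if ipaddress.ip_address(text) in net:
                    causes[CAUSES[m.group(1)]] += 1
                    break  # count each log line once
            except ValueError:
                continue  # loose regex matched something like 999.1.1.1
    return causes

# Constructed sample of buffered log output; 10.2.0.0/24 is the assumed remote LAN.
SAMPLE = [
    'Nov 18 2009 07:41:02: %ASA-4-106023: Deny tcp src outside:10.2.0.5/51000 dst inside:10.1.0.10/445 by access-group "outside_in" [0x0, 0x0]',
    'Nov 18 2009 07:41:05: %ASA-6-110003: Routing failed to locate next-hop for tcp from inside:10.1.0.10/3389 to outside:10.2.0.5/51001',
    'Nov 18 2009 07:41:09: %ASA-3-305005: No translation group found for icmp src inside:10.1.0.10 dst outside:10.2.0.5 (type 8, code 0)',
    'Nov 18 2009 07:41:11: %ASA-4-106023: Deny udp src outside:192.0.2.7/53 dst inside:10.1.0.10/53 by access-group "outside_in" [0x0, 0x0]',
    'Nov 18 2009 07:41:12: %ASA-4-106023: Deny icmp src outside:10.2.0.9 dst inside:10.1.0.10 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]',
]

if __name__ == "__main__":
    for cause, count in triage(SAMPLE, "10.2.0.0/24").most_common():
        print(f"{count:3d}  {cause}")
```

ACL denies for tunneled traffic only show up in such a log once the traffic is actually processed through the interface ACLs, which is the case the reply covers by disabling sysopt permit-vpn.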