Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
0
Helpful
1
Replies

View traffic "in the tunnel"?

krisselada
Level 1
Level 1

‎02-07-2008 09:41 PM - edited ‎03-09-2019 08:04 PM

I have a VPN setup between two sites. My end has a 3000 concentrator, other end is unknown at this time.

I know the tunnel is up and I know that the initial syn is being passed and hitting the system in question on the other side. I also know that the other side is responding with a syn/ack, but I don't see anything on my side.

I don't have access to the other side but they assure me its NOT THEM.

So I need to PROVE that I can see traffic go IN the tunnel and ALSO see that nothing is being dropped while in the tunnel on my side.

I have yet to find how to view this. What classes should I have enable to view this?

Appreciate any assistance or pointing to the documentation where this is found

Labels:
0 Helpful
1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

‎02-08-2008 08:03 PM

Kendall,

You will have to work with the concentrator live event log as well as some basic test when bringing up the tunnel and stablishing the connection. You do not say who initiates this tunnel nor what type of tcp services are allowed, but lets assume host 10.2.2.2 on your side is the one initiating the tunnel to destination host on other side 192.168.1.1 , and that other side is allowing RDP port 3389.

You may do a simple telnet test on 3389 port.

e.g telnet 192.168.1.1 3389 you should get a black screen and at the some time this will also triger interesting traffic to bring up the tunnel, observe the live event log from concentrator which will provide detailed information on the two Ipsec Phases, that is Phase-1 and Phase-2 SA exchange etc... if indeed the tunnel comes up you should see it is the live event log as well as when you do the telnet test, you may provide the other side with log information from the your concentrator.

As for encripted traffic on the concentrator loog at the Monitor sessions Window look at LAN-to-LAN section , if tunnel is up and traffic is exchanged you should see Bytes Tx, Bytes Rx as well as Encryption statistics on the tunnel.

If this process is the other way around meaning the other side is initiating interesting traffic the same information applies, live event log should provide the IPsec tunnel being stablished or failing.

Rgds

Jorge

Jorge Rodriguez
0 Helpful
Customers Also Viewed These Support Documents