View traffic "in the tunnel"?

Unanswered Question
Feb 7th, 2008

I have a VPN setup between two sites. My end has a 3000 concentrator, other end is unknown at this time.

I know the tunnel is up and I know that the initial syn is being passed and hitting the system in question on the other side. I also know that the other side is responding with a syn/ack, but I don't see anything on my side.

I don't have access to the other side but they assure me it's NOT THEM.

So I need to PROVE that I can see traffic go IN the tunnel and ALSO see that nothing is being dropped while in the tunnel on my side.

I have yet to find how to view this. What classes should I have enabled to view this?

Appreciate any assistance or pointing to the documentation where this is found.

JORGE RODRIGUEZ Fri, 02/08/2008 - 20:03

Kendall,

You will have to work with the concentrator live event log, as well as some basic tests, when bringing up the tunnel and establishing the connection. You do not say who initiates this tunnel nor what type of TCP services are allowed, but let's assume host 10.2.2.2 on your side is the one initiating the tunnel to destination host 192.168.1.1 on the other side, and that the other side is allowing RDP port 3389.

You may do a simple telnet test on port 3389.

e.g. telnet 192.168.1.1 3389. You should get a black screen, and at the same time this will also trigger interesting traffic to bring up the tunnel. Observe the live event log from the concentrator, which will provide detailed information on the two IPsec phases, that is, Phase-1 and Phase-2 SA exchange, etc. If indeed the tunnel comes up, you should see it in the live event log as well as when you do the telnet test. You may provide the other side with log information from your concentrator.

As for encrypted traffic on the concentrator, look at the Monitor Sessions window, in the LAN-to-LAN section: if the tunnel is up and traffic is exchanged, you should see Bytes Tx, Bytes Rx as well as Encryption statistics on the tunnel.

If this process is the other way around, meaning the other side is initiating interesting traffic, the same information applies: the live event log should show the IPsec tunnel being established or failing.

Rgds

Jorge
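The telnet test and the Bytes Tx / Bytes Rx check from the reply above, combined into one script; this is an added example, not part of the original thread. The `probe` and `diagnose` names and the reading of the counter deltas are assumptions of this example, and the counters are typed in by hand from the LAN-to-LAN session before and after the probe.

```python
import socket
import sys
from datetime import datetime, timezone


def probe(host, port, timeout=5.0):
    """One TCP connect attempt; returns (UTC start time, outcome)."""
    started = datetime.now(timezone.utc)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "connected"    # a SYN/ACK came back to this host
    except ConnectionRefusedError:
        outcome = "refused"          # a RST came back to this host
    except (socket.timeout, TimeoutError):
        outcome = "timeout"          # nothing came back to this host
    except OSError:
        outcome = "local-error"      # e.g. no route from this host
    return started, outcome


def diagnose(outcome, tx_delta, rx_delta):
    """Interpret the probe outcome with the change in the tunnel's
    Bytes Tx / Bytes Rx counters. Assumes the tunnel is otherwise idle:
    any other traffic on the same session also moves the counters."""
    if outcome in ("connected", "refused"):
        return "return path works: a reply reached this host"
    if outcome == "local-error":
        return "probe failed on this host before reaching the concentrator"
    if tx_delta <= 0:
        return "probe was not encrypted: it never entered the tunnel"
    if rx_delta <= 0:
        return "probe entered the tunnel, nothing came back through it"
    return "replies were decrypted locally but did not reach this host"


if __name__ == "__main__":
    # Usage: script.py <remote host> <port>, e.g. 192.168.1.1 3389
    host, port = sys.argv[1], int(sys.argv[2])
    tx0 = int(input("Bytes Tx before probe: "))
    rx0 = int(input("Bytes Rx before probe: "))
    started, outcome = probe(host, port)
    print(f"{started.isoformat()} probe to {host}:{port} -> {outcome}")
    tx1 = int(input("Bytes Tx after probe: "))
    rx1 = int(input("Bytes Rx after probe: "))
    print(diagnose(outcome, tx1 - tx0, rx1 - rx0))
```

The printed UTC timestamp is there to line the probe up with the entries in the live event log.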
