Traffic thru IPsec tunnel

Unanswered Question
Apr 18th, 2008


How can I check whether traffic is going through tunnel? Tunnel is up and running. When I ping remote end private IP, no replies. ICMP is allowed on PIX. See attached config.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gbudd12345 Mon, 04/21/2008 - 12:27

show crypto isakmp sa will give you counters for packets that are encrypted and decrypted.

--Gavin Budd

husycisco Tue, 04/22/2008 - 02:17

Hi Joseph,

You can use packet-tracer command for achieving what you want.


ankurs2008 Tue, 04/22/2008 - 12:55


From your local LAN IP towards the remote LAN ip (mentioned in the Crypto acl), give a continous ping and parallely run the command "debug icmp trace" and "debug crypto isakmp sa "

joseph.yuffa Tue, 04/22/2008 - 17:25


What the full syntax of the command? I've tried packet-tracer ? on PIX and it came with nothing.


joseph.yuffa Tue, 04/22/2008 - 17:29


What is the full command syntax? I've tried 'packet-tracer ?' on PIX and it came back with nothing. Thanks.

husycisco Wed, 04/23/2008 - 04:43


packet-tracer input inside tcp aninsidehostIP 3389 remotesitehostIP 3389 detailed


This Discussion