I have notice that sometines when debugging VPN tunnels using (I have seen this on both PIX5xx and ASA 5510)
debug cry isakmp
debug cry ipsec
That sometimes when sending traffic that should trigger the tunnel initiation, I see nothing in the debug and other times I do.
Even when the tunnel gets established and I know phase 1 and phase 2 successfully completed)
Is there something I am missing?
If I want to put a monitor session on the outside interface of the ASA to capture traffic to and from the tunnel peer end,
would I filter the monitor to capture the tunnel secure LAN endpoint, or the peer endpoint, or would I see traffic from both of these subnets on the remote end?