Reg. packet capture on S2S tunnel traffic

ankurs2008
Level 1

Hi

I have a Site-to-Site VPN tunnel. Phase 1 & 2 are getting established; however, the issue is that at the remote peer end packets are showing as encrypted but not decrypted. The access lists at both ends are mirror images. My requirement is that I want to run a packet capture with the capture command. However, I want to know on which particular interface of my ASA I should run the packet capture to see what is happening (I want to see the VPN traffic, but my confusion is as to what output the Outside interface will show and what output the Inside interface will show). I am sensing a routing issue; however, in order to confirm and have evidence, I think that the "capture" command will show the desired output.

Regards

Ankur


JORGE RODRIGUEZ
Level 10

Ankur, apply the capture to the outside interface where you terminate the IPsec tunnel. Work with one IP source from the other end of the tunnel, for example, and it does not matter whether your inside host connects to the other-end host or the source host pings your inside host; you should see the output either way using the outside interface.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd4413b

Sounds like you have a routing issue; if I recall, I had similar problem symptoms when you see encrypts and no decrypts.

Good luck.

Regards

Jorge Rodriguez
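
The capture placement discussed in this thread, written out as ASA CLI. This is an added example, not part of either post; the capture names, the interface name `inside`, and all IP addresses are constructed placeholders to be replaced with your own.

```cisco
! Constructed values: 203.0.113.1 = this ASA's outside IP, 198.51.100.1 = remote peer,
! 10.1.1.10 = local inside host, 10.2.2.10 = remote host behind the peer.

! 1. Outside interface: everything exchanged between the two tunnel endpoints
!    (ESP, or UDP 4500 when NAT-T is in use). The payload is encrypted here.
capture CAP-OUT interface outside match ip host 203.0.113.1 host 198.51.100.1

! 2. Inside interface: the same flow in cleartext, between the two end hosts.
capture CAP-IN interface inside match ip host 10.1.1.10 host 10.2.2.10

! 3. Generate test traffic between the two hosts (a ping from either side),
!    then read both captures.
show capture CAP-OUT
show capture CAP-IN

! 4. Compare with the per-peer SA counters on this side (encaps / decaps).
show crypto ipsec sa peer 198.51.100.1

! Reading the result:
! - CAP-OUT shows packets arriving from 198.51.100.1, CAP-IN shows the request
!   going to 10.1.1.10 but no reply coming back to the ASA:
!   the inside host's return path does not go through this ASA (routing).
! - CAP-IN shows both directions but CAP-OUT shows nothing leaving toward
!   198.51.100.1: the reply reaches the ASA but is not being encrypted here.
! - CAP-OUT shows packets leaving toward 198.51.100.1 while the remote peer
!   still counts no decrypts: the packets are lost between the two peers.

! 5. Remove the captures when finished.
no capture CAP-OUT
no capture CAP-IN
```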