Source interesting VPN traffic from PIX/ASA

Answered Question
Phil Williamson Wed, 12/02/2009 - 07:27

I did not think so, but with all the new features in 8.X I was thinking I had not seen the "new and improved" extended ping like IOS routers have.

Ivan Martinon Wed, 12/02/2009 - 09:29

ASA and PIX 7.X have a feature called packet tracer. This tool allows the ASA to trace the path that a packet will follow by "simulating" the packet as it arrives on the selected interface and goes through the whole appliance. It can be used to simulate a packet going from inside to outside that matches the VPN policy. There was a bug in some versions where this feature would not match the VPN policy; hopefully it has been fixed.

You can also use the management-access interface command to use the inside, or whichever interface you want, to source the traffic via a ping and make the tunnel come up. Note that the traffic generated with this management-access command will not be subject to NAT or to some filtering policies, so it might not apply completely. Check the following links:

Packet tracer command reference

management access command reference
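
The two approaches from the answer above, written out as an ASA CLI sequence; this is an added example, not part of the original thread. The interface name `inside`, the local LAN 10.1.1.0/24 and the remote LAN 10.2.2.0/24 are assumptions chosen for illustration.

```cisco
! Constructed addressing: local host 10.1.1.10 behind "inside",
! remote host 10.2.2.10 reachable only through the site-to-site tunnel.

! 1) Simulate an ICMP echo request (type 8, code 0) arriving on the
!    inside interface from a LAN host. In the detailed output, check
!    the NAT and VPN phases and the final Action line to see whether
!    the flow matches the VPN policy.
packet-tracer input inside icmp 10.1.1.10 8 0 10.2.2.10 detailed

! The same check for a TCP flow (source port 1025, destination port 80).
packet-tracer input inside tcp 10.1.1.10 1025 10.2.2.10 80 detailed

! 2) Source a real ping from the inside interface address.
!    The inside interface IP has to fall inside the local network of the
!    crypto ACL, otherwise the ping is not interesting traffic. As noted
!    in the answer, this traffic is not subject to NAT, so it does not
!    exercise the same path as traffic from a LAN host.
configure terminal
 management-access inside
 end
ping inside 10.2.2.10

! 3) Confirm that the tunnel negotiated and that the encaps/decaps
!    counters increase.
show crypto isakmp sa
show crypto ipsec sa
```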



