How to capture IPSec traffic on ASA with capture type isakmp?

Unanswered Question


I tried to capture IPSec data on the ASA with the command "capture cap type isakmp" without success yet.

It is a Cisco ASA 5520 with 8.0(4)32

I would like to see the decapsulated packets somehow.

Has anybody done a capture successfully with type isakmp?

Are there any specialities to consider?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Tue, 04/20/2010 - 03:33

Capture type isakmp only captures the negotiation for phase 1. Anything specific you are looking for? Debug should tell you most things in regards to the isakmp negotiation.

Federico Coto F... Tue, 04/20/2010 - 07:46

The output of the command:  sh cry ips sa

will show the status of the packets being sent through the tunnel.

You can see if the packets are being encapsulated/decapsulated, encrypted/decrypted or if there are errors.


Jennifer Halim Wed, 04/21/2010 - 03:40

To check if ASA might be dropping any packets, you can perform packet capture on asp-drop:

capture type asp-drop

It will capture whatever packets that are being dropped by the ASA.

If you would like to capture traffic from the VPN and making sure that it is being routed towards the internal networks, you can perform packet capture on the internal interfaces and make sure that the packet leaves the ASA.

Hope that helps.


This Discussion