How do I trace traffic source?

Answered Question
Jun 25th, 2010

I have a site-2-site IPSec vpn between an 1801 ISR and an ASA 5510. Monitoring the vpn on the ASA, I see there is constant traffic on it, when I would have expected only intermittent traffic. How can I trace what is actually causing traffic to cross the vpn? I suspect something at the ISR end is sending packets to the ASA network, but how can I find out what?


I have this problem too.
0 votes
Correct Answer by Martin Bosch about 6 years 4 months ago


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
alanmsv1234 Fri, 06/25/2010 - 06:20


I don't have a Netflow box, and it looks very complicated!!

What I really need is a simple metod of tracing the source IP of traffic going through the VPN.

alanmsv1234 Fri, 06/25/2010 - 07:42

Found the answer: Packet capture wizard in the ASA can track all packets between any interface or IP address/range. By capturing from the source subnet, then sending the output to Wireshark, the culprit is revealed.


This Discussion