Hi, I am debugging intermittent hairpin VPN traffic between EZVPN clients; the ASA 5520 is the EZVPN server. I am trying to determine where the packet is dropped.
A continuous ping is issued from one client to the other client. The ping packets should go to the ASA's outside interface, be decrypted and encrypted, and be sent out the same outside interface again. When I capture the ping packets on the ASA's outside interface, nothing is captured, even when the ping is successful.
A ping capture from an EZVPN client to the ASA inside network is fine.
How should I do a packet capture in this VPN hairpin scenario? Thanks a lot for your help.
Re: How to capture spoke to spoke VPN traffic on ASA
The EZVPN client is running in network extension mode, and each user is using 172.16.0.0/28 address space, so the ACL I am using is something like this:
access-list ping_acl extended permit icmp host 172.16.0.1 host 172.16.0.17