I'm having an issue with a firewall VPN tunnel. I ran a packet-tracer and attached the results.
The attached file shows a failed delivery from a host. I have run some with a successful delivery, on the same network, with a different host; everything is the same, but the host is different. That is the problem I am troubleshooting.
What I need is more information on the packet-trace command results when it's not obvious why there is a 'deny'. I ran some packet-trace commands and it gave a more exact reason for failure, such as a specific ACL. When that happened, it was easy to solve this problem.
However, the output I've attached here isn't so obvious.
Anyway, I would appreciate any help or direction to help me understand the output.
I'm initiating the request from the inside, going out the outside interface. I do not have an ACL blocking the traffic leaving. I have an ACL on the firewall directly forward of the destination, but I'm not getting that far in this packet-trace.
I would like some help on translating the information this command sends back.
I have ACLs on the outside interface, but they allow traffic to pass.
I am troubleshooting traffic passing via the VPN. Because of this part of the packet-tracer: 'Additional Information:
in 0.0.0.0 0.0.0.0 outside', would I be correct in saying this traffic is going through the default gateway - not the VPN?
Also, in 'Phase 3 - Additional Information:', what does this information tell me?
Thanks for taking the time to help.
in 0.0.0.0 0.0.0.0 outside
Forward Flow based lookup yields rule:
in id=0xd66bec70, priority=111, domain=permit, deny=true
domain=permit, deny=true, hits=8, user_data=0x0, -- where does that info come from?
I suppose I'm just looking to learn more about the packet-tracer command. From what I see on Cisco's site and the Internet, there's not too much about this command. It seems like you can do a lot with it. It's helped me in the past, when it's obvious.