Capturing traffic going in IPSEC tunnel

mahesh18
Level 6

Hi Everyone,

Our Internet ASA is configured to allow IPsec connections going from the DMZ to the internet.

We have some vendors coming in and they need VPN access to their company network while working in our DMZ network.

As the IPsec tunnel is all secure, if a vendor accesses, say, some servers that have a private IP address in their network, is there any way that I can see in our ASA the connections open for them?

Regards

Mahesh


3 Replies

Marvin Rhoads
Hall of Fame

If they're initiating remote access VPN connections from servers in your DMZ you would only see tcp/443 traffic (SSL) (or possibly IPsec over protocol 50 if they are using an IPsec VPN).

That's assuming you allow all connections initiated from the DMZ to the outside. If you restrict them with an access-list then they would need to have you explicitly allow the connection.

Hi Marvin,

Say they are accessing a server in their network and it talks on port, say, 3000.

There is a rule in the ASA that allows connections from the DMZ to outside on port 3000.

This server has, say, IP 10.10.10.1.

I need to confirm that this connection will not be shown in our Internet ASA, right?

Regards

Mahesh

If they access it via a VPN then your ASA will show the connection to their VPN device and not the connections within that SSL VPN - those would all be encapsulated in the tunnel.

If they were accessing the remote server directly (not via a VPN) then yes you would see the server address in your "show conn" output.

I assume you use 10.10.10.1 as a made-up example as that private IP address would never be routed freely on the Internet - only within a private network or tunneled within a VPN.
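To make the distinction above concrete, here is an added example (not from the thread or from Cisco) that walks a few constructed "show conn"-style lines and reports, per DMZ host, whether the ASA sees the real destination or only a VPN device. It assumes the simplified line layout shown in the sample; beyond the thread's two cases (tcp/443 and ESP) it also treats IKE and NAT-T as tunnel signatures.

```python
# Constructed sample lines in the style of ASA "show conn" output (assumption:
# the exact layout varies between ASA versions; this is not captured output).
SAMPLE_SHOW_CONN = """\
TCP outside 203.0.113.10:443 DMZ 192.0.2.20:51234, idle 0:00:05, bytes 184320, flags UIO
ESP outside 203.0.113.11 DMZ 192.0.2.22, idle 0:00:00, bytes 40960, flags -
UDP outside 203.0.113.11:4500 DMZ 192.0.2.22:4500, idle 0:00:01, bytes 92160, flags -
TCP outside 198.51.100.7:3000 DMZ 192.0.2.23:40002, idle 0:00:12, bytes 2048, flags UIO
"""

# (protocol, outside port) pairs that identify a tunnel to a VPN device. SSL on
# tcp/443 and ESP (IP protocol 50) are the two cases named in the thread; IKE
# (udp/500) and NAT-T (udp/4500) are added here because an IPsec peer shows them too.
TUNNEL_SIGNATURES = {
    ("TCP", 443): "SSL VPN",
    ("ESP", None): "IPsec ESP (protocol 50)",
    ("UDP", 500): "IKE",
    ("UDP", 4500): "IPsec NAT-T",
}

def _split_endpoint(token):
    """'203.0.113.10:443' -> ('203.0.113.10', 443); a bare IPv4 address -> (addr, None)."""
    addr, sep, port = token.rpartition(":")
    return (addr, int(port)) if sep and port.isdigit() else (token, None)

def parse_conn(line):
    """Return (proto, out_addr, out_port, in_addr, in_port) for one show conn line."""
    proto, _out_if, out_ep, _in_if, in_ep = line.split(",", 1)[0].split()
    return (proto, *_split_endpoint(out_ep), *_split_endpoint(in_ep))

def classify(conn):
    """Say whether the ASA sees the real destination or only a tunnel endpoint."""
    proto, out_addr, out_port, _, _ = conn
    kind = TUNNEL_SIGNATURES.get((proto, out_port))
    if kind:
        return f"tunnel ({kind}) to {out_addr}: inner flows not visible"
    return f"direct to {out_addr}:{out_port}: visible in show conn"

def audit(show_conn_text):
    """Map each DMZ host to the verdicts for its outbound connections."""
    result = {}
    for line in show_conn_text.splitlines():
        conn = parse_conn(line)
        result.setdefault(conn[3], []).append(classify(conn))
    return result
```

Only the "direct" verdict exposes the remote server address; for the tunnel entries the 10.x destination and port 3000 from the question never appear, exactly as the reply describes.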