Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1059
Views
0
Helpful
4
Replies

How do I trace traffic source?

Go to solution
alanmsv1234
Level 1
Level 1

‎06-25-2010 03:58 AM

I have a site-2-site IPSec vpn between an 1801 ISR and an ASA 5510. Monitoring the vpn on the ASA, I see there is constant traffic on it, when I would have expected only intermittent traffic. How can I trace what is actually causing traffic to cross the vpn? I suspect something at the ISR end is sending packets to the ASA network, but how can I find out what?

Cheers

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
4 Replies 4

Go to solution
Martin Bosch
Level 1
Level 1

‎06-25-2010 06:05 AM

Hi Alan,

I dont know if you have a netflow box but if you do have a look at this.

http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/get_start_cfg_fnflow_ps6441_TSD_Products_Configuration_Guide_Chapter.html

0 Helpful

Go to solution
alanmsv1234
Level 1
Level 1
In response to Martin Bosch

‎06-25-2010 06:20 AM

Hi,

I don't have a Netflow box, and it looks very complicated!!

What I really need is a simple metod of tracing the source IP of traffic going through the VPN.

0 Helpful

Go to solution
alanmsv1234
Level 1
Level 1
In response to alanmsv1234

‎06-25-2010 07:42 AM

Found the answer: Packet capture wizard in the ASA can track all packets between any interface or IP address/range. By capturing from the source subnet, then sending the output to Wireshark, the culprit is revealed.

0 Helpful

Go to solution
Martin Bosch
Level 1
Level 1
In response to alanmsv1234

‎06-25-2010 07:47 AM

Cool

0 Helpful
Customers Also Viewed These Support Documents