Cisco Support Community
New Member

How to capture IPSec traffic on ASA with capture type isakmp?

Hello,

I tried to capture IPSec data on the ASA with the command "capture cap type isakmp", without success so far.

It is a Cisco ASA 5520 running 8.0(4)32.

I would like to see the decapsulated packets somehow.

Has anybody done a capture successfully with type isakmp?

Are there any specialities to consider?

Thanks!


Marcus.

4 REPLIES
Cisco Employee

Re: How to capture IPSec traffic on ASA with capture type isakmp

Capture type isakmp only captures the negotiation for phase 1. Anything specific you are looking for? Debug should tell you most things in regards to the isakmp negotiation.

New Member

Re: How to capture IPSec traffic on ASA with capture type isakmp

I would like to capture (cleartext) packets from inside the ASA just after they dropped out of the VPN tunnel.

Can they be captured from the dataplane or somewhere else?

The point is that I need to prove that the ASA does not drop some packets silently without any logging.

Re: How to capture IPSec traffic on ASA with capture type isakmp

The output of the command "sh cry ips sa" will show the status of the packets being sent through the tunnel.

You can see if the packets are being encapsulated/decapsulated, encrypted/decrypted or if there are errors.

Federico.

Cisco Employee

Re: How to capture IPSec traffic on ASA with capture type isakmp

To check if ASA might be dropping any packets, you can perform packet capture on asp-drop:

capture drops type asp-drop

It will capture whatever packets that are being dropped by the ASA.

If you would like to capture traffic from the VPN and make sure that it is being routed towards the internal networks, you can perform a packet capture on the internal interfaces and make sure that the packet leaves the ASA.

Hope that helps.
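Putting the two suggestions together (the "sh cry ips sa" counters from Federico's reply and the asp-drop plus inside-interface captures from the reply above), here is an added example of the full check as an ASA 8.0 CLI session. It is not from the thread; the interface name "inside", the subnets 10.1.1.0/24 (local LAN) and 192.168.50.0/24 (remote VPN subnet), the capture names "decap" and "drops", the ACL name CAP_VPN and the placeholder <peer-ip> are all assumptions you must replace with your own values.

```cisco
! Assumed names (not from the thread): interface "inside", local LAN 10.1.1.0/24,
! remote VPN subnet 192.168.50.0/24, captures "decap" and "drops", ACL CAP_VPN.

! 1. Capture the cleartext packets after decryption, as they leave on "inside".
!    The ACL matches both directions so replies are visible in the same buffer.
access-list CAP_VPN extended permit ip 192.168.50.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list CAP_VPN extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
capture decap access-list CAP_VPN interface inside buffer 1048576

! 2. Capture every packet the ASA drops; each entry carries its drop reason.
capture drops type asp-drop

! 3. Send a known number of packets from the remote side, then compare:
!    "#pkts decaps" / "#pkts decrypt" in the SA output should grow by that number ...
show crypto ipsec sa peer <peer-ip>
!    ... and the inside capture should show the same number of cleartext packets.
show capture decap
!    Any packet from the VPN subnet in the drop capture is the "silent" drop,
!    and the drop reason printed next to it tells you which stage discarded it.
show capture drops
!    Aggregate drop counters per reason, useful to spot a reason that keeps growing.
show asp drop

! 4. Remove the captures and the helper ACL when done.
no capture decap
no capture drops
clear configure access-list CAP_VPN
```

If the decaps counter increases but the "decap" capture does not, the packet was decrypted and then discarded inside the box, and it should appear in "show capture drops" with a reason such as acl-drop. The asp-drop capture has no interface, so it catches drops from every stage of the data path, not just the VPN path.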

4518 Views, 0 Helpful, 4 Replies