08-14-2014 09:02 AM
I just set up a VPN filter to secure traffic between two of our facilities. Like a good security admin, I'm only allowing good ports and blocking everything else. Now I'm seeing unidirectional packet loss.
I wanted to set up a packet capture to detect which packets were being allowed and which were being dropped. However, none of my packet captures are showing any packets captured. I've tried the following captures.
capture derp type raw-data interface xo [Capturing - 0 bytes]
match ip 10.1.8.0 255.255.252.0 any
capture derp type raw-data access-list 105 interface xo [Capturing - 0 bytes]
capture derp type raw-data interface asa_dataplane [Capturing - 0 bytes]
match ip 10.1.8.0 255.255.252.0 any
This is definitely a formatting issue on my part, as I'm not detecting traffic from subnets that are passing traffic successfully.
Any help would be appreciated. Thank you.
08-14-2014 11:43 AM
Hi Michael,
Do not change the VPN filter. Just create a dummy access-list for the capture, with an any any rule, and use that for the capture.
Regards
Karthik
08-14-2014 10:56 AM
Hi,
I have tested this in my lab....
capture derp type raw-data access-list 105 interface xo
It works cool!!! I hope you are capturing it on the inside interface of the firewall for capturing the traffic, if your LAN is 10.1.8.0/22.
Else put an access-list with any any and see how VPN traffic is getting through it. The capture will not show anything if the mapping is wrong.
Regards
Karthik
08-14-2014 11:09 AM
Thank you for the response!
However, the xo interface is our outside interface and the 10.1.8.0/22 subnet is from our remote facility.
I tried creating the permit any any ACL and applying it as a vpn filter, but I got this error when I tried to capture.
access-list derp line 1 extended permit ip any any (hitcnt=0) 0xab0757a7
ERROR: Capture doesn't support access-list <derp> containing mixed policies
09-23-2014 08:52 AM
This did not work either, however I was able to create a capture on our inside interface to achieve what I wanted to do.
Thanks for the help anyway
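The approach the thread converges on (a capture-only ACL, separate from the ACL bound as the vpn-filter, applied on the inside interface), written out as an added example that is not from the thread or from Cisco. The ACL name CAPTURE_ACL, the capture names INSIDE_CAP and DROPS, and the interface name "inside" are assumptions; 10.1.8.0/22 and access-list 105 are the values from the thread. It also adds an asp-drop capture, which records packets the ASA drops together with the drop reason, since that is the second half of the original question (which packets are being dropped).

```cisco
! Added example, not from the thread. Names CAPTURE_ACL, INSIDE_CAP, DROPS
! and interface "inside" are assumptions; 10.1.8.0/22 and ACL 105 are from
! the thread.
!
! An ACL bound as a vpn-filter cannot also be used by a capture (the
! "mixed policies" error), so ACL 105 stays untouched as the filter and a
! separate ACL is used only for capturing.
!
! 1. Capture-only ACL matching the remote subnet in both directions.
access-list CAPTURE_ACL extended permit ip 10.1.8.0 255.255.252.0 any
access-list CAPTURE_ACL extended permit ip any 10.1.8.0 255.255.252.0
!
! 2. Capture on the inside interface, where the decrypted traffic appears.
capture INSIDE_CAP type raw-data access-list CAPTURE_ACL interface inside
!
! 3. Capture packets the ASA drops, with the drop reason for each packet.
capture DROPS type asp-drop all
!
! 4. Inspect: what was allowed, then what was dropped and why.
show capture INSIDE_CAP
show capture DROPS | include 10.1.8.
show asp drop
!
! 5. Remove the captures when done; they hold packets in memory.
no capture INSIDE_CAP
no capture DROPS
```

Two points worth checking while reading the output. On the outside interface of a VPN endpoint the site-to-site traffic is still encapsulated, so a capture there matching on the inner 10.1.8.0/22 addresses sees nothing; the inside interface is where the cleartext is visible, which matches what the original poster ended up doing. And a vpn-filter ACL is evaluated with the remote network as the source and the local network as the destination for traffic in both directions, so an ACL written from the local network's perspective will pass one direction and drop the other; the asp-drop capture makes that kind of drop visible with its reason.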