packet capture access list on vpn filter

Michael Gombos (Level 1)

I just set up a VPN filter to secure traffic between two of our facilities. Like a good security admin, I'm only allowing good ports and blocking everything else. Now I'm seeing unidirectional packet loss.

I wanted to set up a packet capture to detect which packets were being allowed and which were being dropped. However, none of my packet captures are showing any packets captured. I've tried the following captures.

capture derp type raw-data interface xo [Capturing - 0 bytes]
  match ip 10.1.8.0 255.255.252.0 any

capture derp type raw-data access-list 105 interface xo [Capturing - 0 bytes]

capture derp type raw-data interface asa_dataplane [Capturing - 0 bytes]
  match ip 10.1.8.0 255.255.252.0 any

This is definitely a formatting issue on my part, as I'm not detecting traffic from subnets that are passing traffic successfully.

Any help would be appreciated. Thank you.


4 Replies

nkarthikeyan (Level 7)

Hi,

I have tested this in my lab:

capture derp type raw-data access-list 105 interface xo

It works fine! I hope you are capturing on the inside interface of the firewall to capture the traffic, if your LAN is 10.1.8.0/22.

Otherwise, put in an access-list with any any and see how the VPN traffic is getting through it. The capture will not show anything if the mapping is wrong.

Regards

Karthik

Thank you for the response!

However, the xo interface is our outside interface and the 10.1.8.0/22 subnet is from our remote facility.

I tried creating the permit any any ACL and applying it as a VPN filter, but I got this error when I tried to capture.

access-list derp line 1 extended permit ip any any (hitcnt=0) 0xab0757a7

ERROR: Capture doesn't support access-list <derp> containing mixed policies

Hi Michael,

Do not change the VPN filter. Just create a dummy access-list only for the capture, make it an any any rule, and use that for the capture.

Regards

Karthik
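As an added illustration of Karthik's suggestion (this is not configuration from the original thread or from either poster), the sequence below creates a throwaway access-list that only the capture references, so the VPN filter itself is never touched, and pairs it with an asp-drop capture so that packets the firewall discards can be seen alongside the ones it forwards. The interface names (inside, outside), the capture names and the ACL name CAP_VPN are assumptions; the 10.1.8.0/22 subnet is taken from the question.

```cisco
! Dedicated capture ACL: plain "permit ip" lines only, not bound to any
! interface, VPN filter or other policy (assumed names throughout)
access-list CAP_VPN extended permit ip 10.1.8.0 255.255.252.0 any
access-list CAP_VPN extended permit ip any 10.1.8.0 255.255.252.0

! Capture on both sides of the firewall so one-way loss shows up as
! packets seen on one interface but missing on the other
capture CAP_IN type raw-data access-list CAP_VPN interface inside
capture CAP_OUT type raw-data access-list CAP_VPN interface outside

! Packets the ASA itself discards (including VPN filter denies) land here,
! each tagged with its drop reason
capture DROPS type asp-drop all

! Inspect: byte counters first, then the packets, then the drops
show capture
show capture CAP_IN detail
show capture CAP_OUT detail
show capture DROPS | include 10.1.8.

! Clean up when finished
no capture CAP_IN
no capture CAP_OUT
no capture DROPS
clear configure access-list CAP_VPN
```

If CAP_IN and CAP_OUT both stay at 0 bytes while the asp-drop capture fills up with 10.1.8.x packets, the drop reason printed on each packet (an "acl-drop" reason points at a configured rule such as the VPN filter) tells you which policy is discarding the traffic; "show asp drop" gives the same information as aggregate counters.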

This did not work either; however, I was able to create a capture on our inside interface to achieve what I wanted to do.

Thanks for the help anyway.
