Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1343
Views
0
Helpful
1
Replies

Packet capture for IKE and IPsec traffic failing

Gerard Roy
Level 2
Level 2

‎08-26-2014 03:47 PM - edited ‎02-21-2020 07:47 PM

I have a packet capture on a Cisco 891 router configured with the following settings. It does not capture any packets. Anyone see what I have incorrect?

IP of the Hub or Head End side 66.179.xx.xx

IP of the 891 or spoke side 187.144.33.144

I apply the following to the spoke router.

ip access-list extended BUF-FILTER1234
    permit ip host 66.179.xx.xx host 187.144.33.144
    permit ip host 187.144.33.144 host 66.179.xx.xx

monitor capture buffer BUF1234 size 2048 max-size 1518 linear
monitor capture buffer BUF1234 filter access-list BUF-FILTER1234
monitor capture point ip cef POINT1234 dialer2 both
monitor capture point associate POINT1234 BUF1234

I then start the capture:

monitor capture point start POINT1234

2055951: Aug 26 22:45:51.327 UTC: %BUFCAP-6-ENABLE: Capture Point POINT1234 enabled.
Store_85000#

Wait a length of time and look at the dump and nothing.

Store_85000#show monitor capture buffer BUF1234 dump
Store_85000#

 

Labels:
0 Helpful
1 Reply 1

Lovleen Arora
Level 1
Level 1

‎08-26-2014 07:52 PM

can you try ESP protocol instead of IP. the vpn traffic gets encapsulated into an ESP packet. ALso, UDP 500 and/or UDP4500 might also help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents