Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
744
Views
10
Helpful
6
Replies

VPN Traffic for specific client

Go to solution
sivaaalthi
Level 1
Level 1

‎03-17-2013 01:20 PM - edited ‎03-11-2019 06:15 PM

Hi All,

I have ASA 5510 8.4 Firewall where more than 20 Site to Site VPN Clients are configured on it.

Could anyone please help me how to see the traffic for one Specific Site to Site VPN.

Actually this site to site vpn is always keep droping for every minute. I'm sure its a problem at the other end.

The remaining 19 VPNS are UP and working without any problem.

Please help me how to see the traffic for specific vlan.

More over we dont have any syslog server in our network.

Is their any chance we can check the traffic on the firewall ?

Any help would be highly appreciated.

Regards,

Chinnu.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Javier Portuguez
Level 9
Level 9

‎03-17-2013 04:51 PM

Hi Chinnu,

In order to verify one single VPN connection, do the following:

1- debug crypto condition peer specific_vpn_peer_IP

2- debug crypto ikev1 190 --> 8.4+

    debug crypto isakmp 190 --> 8.2 & 8.3

3- debug crypto ipsec 190

This will show debugging information for one single VPN connection, so we could narrow down the issue.

On the other hand, to check the statistics of this single tunnel:

show crypto ipsec sa peer specific_vpn_peer_IP

A packet-capture would be required in case that the tunnel remains up, but certain traffic does not seem to flow across.

HTH.

Portu.

View solution in original post

6 Replies 6

Go to solution
jocamare
Level 4
Level 4

‎03-17-2013 02:13 PM

Packet captures on any of the endpoints will give you some information about the traffic flowing through the tunnel.

0 Helpful

Go to solution
Javier Portuguez
Level 9
Level 9

‎03-17-2013 04:51 PM

Hi Chinnu,

In order to verify one single VPN connection, do the following:

1- debug crypto condition peer specific_vpn_peer_IP

2- debug crypto ikev1 190 --> 8.4+

    debug crypto isakmp 190 --> 8.2 & 8.3

3- debug crypto ipsec 190

This will show debugging information for one single VPN connection, so we could narrow down the issue.

On the other hand, to check the statistics of this single tunnel:

show crypto ipsec sa peer specific_vpn_peer_IP

A packet-capture would be required in case that the tunnel remains up, but certain traffic does not seem to flow across.

HTH.

Portu.

Go to solution
sivaaalthi
Level 1
Level 1
In response to Javier Portuguez

‎03-19-2013 03:43 AM

Hi Javier,

Many Many Many Thanks and Thanks a Lot aswell..!!!!

Regards,

Chinnu.

Go to solution
Javier Portuguez
Level 9
Level 9
In response to sivaaalthi

‎03-19-2013 12:05 PM

You are very welcome!!

Have a good one

0 Helpful

Go to solution
sivaaalthi
Level 1
Level 1
In response to Javier Portuguez

‎03-19-2013 01:08 PM

Thanks Javier..!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card