12-05-2018 03:24 AM - edited 02-21-2020 08:32 AM
Hello, I need advice on how to identify who is using an IPSec tunnel.
I can not capture packets because of encryption, correct?
If I do a show vpn-sessiondb l2l I see the tunnel peer and the destination, which is the ASA outside interface.
I need to identify who is actually using the tunnel. Thanks for any help.
12-05-2018 03:37 AM
Hi there,
Check the ACL which is used to match traffic for the particular entry in the crypto map. Use the output from sh vpn-sessiondb det l2l to find the remote address and cross-reference that against the crypto map config peer address to find the correct entry.
Looking at the ACL you can then determine from the IP source section which of your hosts are permitted to use the VPN, when trying to reach the destination subnet(s) specified by the ACL.
Since you can’t run a packet capture, do you have netflow configured? Failing that just look at the connection table, although this method will not give you any historic information.
Cheers,
Seb.
12-05-2018 05:20 AM
12-05-2018 05:58 AM
I would expect that, as the outside address is the peer address that the remote IPSec endpoints will be connecting to.
It's the remote address which you need to match against the crypto map set peer statement. That will tell you which ACL to look at to determine the traffic flows which will be sent down the VPN.
12-05-2018 09:54 AM
12-05-2018 10:52 AM
12-05-2018 02:14 PM
We do not know the details of your environment, but in many site-to-site VPNs the ACL used to identify traffic for the tunnel just permits local subnet x to go to remote subnet y. In that case the ACL does not have anything that can identify which specific local hosts are using the VPN. I find the suggestion about NetFlow very interesting. If you do have NetFlow implemented then you could possibly look in the NetFlow data for source addresses in the local subnet and destination addresses in the remote subnet.
HTH
Rick
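Putting Seb's cross-reference (peer address from the session table to the crypto map entry to its ACL) together with Rick's point that the ACL only says who is permitted, here is an added example script, not from the thread or from Cisco, that walks a constructed ASA config fragment and a constructed list of flow records (standing in for NetFlow or the connection table) to list the local hosts that actually sent traffic into a given tunnel. The ACL names, crypto map name, peer addresses and subnets are all made up.

```python
import ipaddress
import re

# Constructed ASA config fragment with two L2L crypto map entries (not a real config).
ASA_CONFIG = """
access-list VPN_SITE_A extended permit ip 10.1.0.0 255.255.0.0 192.168.50.0 255.255.255.0
access-list VPN_SITE_B extended permit ip 10.2.10.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map OUTSIDE_MAP 10 match address VPN_SITE_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 20 match address VPN_SITE_B
crypto map OUTSIDE_MAP 20 set peer 198.51.100.7
"""

# Constructed flow records as (source, destination) pairs, as NetFlow or "show conn" would yield.
FLOWS = [("10.1.4.25", "192.168.50.8"), ("10.1.9.3", "192.168.50.20"),
         ("10.1.4.25", "8.8.8.8"), ("10.2.10.5", "172.16.3.1")]

def acl_for_peer(config, peer):
    """Return (acl_name, [(local_net, remote_net), ...]) for the crypto map entry whose
    'set peer' equals the remote address seen in 'show vpn-sessiondb detail l2l'."""
    entry = None
    for m in re.finditer(r"crypto map (\S+) (\d+) set peer (\S+)", config):
        if m.group(3) == peer:
            entry = (m.group(1), m.group(2))
    if entry is None:
        return None, []
    name, seq = entry
    m = re.search(rf"crypto map {re.escape(name)} {seq} match address (\S+)", config)
    acl = m.group(1)
    nets = []
    pat = rf"access-list {re.escape(acl)} extended permit ip (\S+) (\S+) (\S+) (\S+)"
    for e in re.finditer(pat, config):
        nets.append((ipaddress.ip_network(f"{e.group(1)}/{e.group(2)}"),
                     ipaddress.ip_network(f"{e.group(3)}/{e.group(4)}")))
    return acl, nets

def hosts_using_tunnel(config, peer, flows):
    """Sources of flows that fall inside the ACL's local->remote pairs: the hosts that
    actually sent traffic down the tunnel, as opposed to everyone the ACL permits."""
    _, nets = acl_for_peer(config, peer)
    users = set()
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if any(s in local and d in remote for local, remote in nets):
            users.add(src)
    return sorted(users)
```

Feeding it real `show running-config` and NetFlow export data would need a proper parser for object-groups and multi-line ACEs; this version only handles plain host/mask ACEs.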