07-07-2015 09:58 AM - edited 03-11-2019 11:14 PM
Hi Folks,
My queries are:
1. How shall we take a packet capture for remote IPsec VPN traffic?
Would the source be the public IP address given by the datacard, or the private IP address assigned from the address pool?
As far as I know, we have to use the public IP address as the source, since it is coming from the outside-world PC. Correct me if I'm wrong, with some explanation.
2. If the answer to the above question is the private IP address, then how will RPF handle the same-network-segment IP communication between the pool IP range and the LAN IP range?
-Rajesh
07-07-2015 05:59 PM
Since it is encrypted, you cannot capture the private IP communication. You can only capture ESP packets on the outside interface of the ASA. Source would be client public IP and destination would be Headend (ASA) public IP.
Set up an ACL:
capture <name> access-list <name> interface outside
You can view it using:
show capture <name>
To view the private IP communication, you have to set up a capture on the egress interface of the ASA (Inside or DMZ), where you can set up an ACL using the private IP addresses.
Also, you can export it from the ASA and view it as a pcap.
Regards,
Puneesh
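The two captures described in the answer above, written out as a full ASA CLI sequence. This is an added example, not part of the original post: the ACL and capture names, the interface names, the TFTP server and every address (client public IP 198.51.100.10, ASA outside IP 203.0.113.1, VPN pool 10.10.10.0/24, LAN 192.168.1.0/24) are constructed placeholders. It also assumes the client may sit behind NAT, in which case ESP is carried in UDP 4500 (NAT-T), so the outside ACL matches both.

```cisco
! --- Outside interface: encrypted traffic only (public IP to public IP) ---
! All addresses and names below are constructed placeholders.
access-list CAP-OUT extended permit esp host 198.51.100.10 host 203.0.113.1
access-list CAP-OUT extended permit esp host 203.0.113.1 host 198.51.100.10
! Assumption: client behind NAT, so ESP is wrapped in UDP 4500 (NAT-T)
access-list CAP-OUT extended permit udp host 198.51.100.10 host 203.0.113.1 eq 4500
access-list CAP-OUT extended permit udp host 203.0.113.1 eq 4500 host 198.51.100.10
capture capout access-list CAP-OUT interface outside

! --- Inside (egress) interface: decrypted traffic (pool IP to LAN IP) ---
access-list CAP-IN extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list CAP-IN extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
capture capin access-list CAP-IN interface inside

! --- View on the ASA ---
show capture capout
show capture capin

! --- Export as pcap (TFTP server address is a placeholder) ---
copy /pcap capture:capout tftp://192.0.2.50/capout.pcap
copy /pcap capture:capin tftp://192.0.2.50/capin.pcap

! --- Clean up so the captures stop consuming buffer memory ---
no capture capout
no capture capin
no access-list CAP-OUT
no access-list CAP-IN
```

Comparing packet counts between capout and capin for the same test traffic shows whether packets are lost before decryption or after it.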