
Packet Capture on ASA with S-S VPN and Natted addressing

gbraver
Level 1

Sorry if this has been posted twice.

Trying to do a packet capture with nat'ed addresses (twice nat). Don't know what IPs I should have in the capture ACL. Could experiment but would also like to understand going forward.

Here are the objects and nat statement:

LAB-SEC-F5510# sho run object
object network net-remote
 subnet 10.160.0.0 255.255.0.0
object network net-local
 subnet 10.110.2.0 255.255.255.0
object network mapped_remote
 subnet 192.168.0.0 255.255.0.0

LAB-SEC-F5510# sho run nat
nat (INSIDE,OUTSIDE) source static 10.110.2.1 10.115.50.1 destination static mapped_remote net-remote
LAB-SEC-F5510#


10.110.2.1 is the real server address. Client accesses it as 10.115.50.1.
We access the client network (10.160.x.x) with 192.168.x.x.

Thanks


Vibhor Amrodia
Cisco Employee

Hi,

Is this VPN terminating on the ASA device? If yes, you wouldn't be able to see anything on the Outside interface as that is encrypted.

For the inside captures, you need to have the Real IP address in the captures as the UN-NAT would have already been done.

So, 10.110.2.1 && 192.168.0.0

Thanks and Regards,

Vibhor Amrodia
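
One way to set up the inside capture described in the reply above, as an added example that is not part of the original thread. It matches both directions between 10.110.2.1 and 192.168.0.0/16 (the mask comes from the mapped_remote object in the question); the names CAP-INSIDE and CAPIN are assumptions.

```cisco
! Added example: CAP-INSIDE (ACL) and CAPIN (capture) are assumed names.
! Configuration mode: match traffic as it appears on the INSIDE interface,
! i.e. the real server address and the 192.168.0.0/16 range, in both directions.
access-list CAP-INSIDE extended permit ip host 10.110.2.1 192.168.0.0 255.255.0.0
access-list CAP-INSIDE extended permit ip 192.168.0.0 255.255.0.0 host 10.110.2.1
!
! Privileged EXEC mode: start the capture on INSIDE and view the packets.
capture CAPIN interface INSIDE access-list CAP-INSIDE
show capture CAPIN
!
! Clean up when finished so the capture buffer and ACL do not linger.
no capture CAPIN
clear configure access-list CAP-INSIDE
```

If the capture stays empty while traffic is flowing, check that the test traffic is actually sourced from or destined to 10.110.2.1, since the NAT rule in the question only covers that host.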

Thanks

Cisco needs better documentation on this, as I would never have known about not seeing traffic on the outside "encrypted" interface unless you mentioned it. Did a lot of web searching as well.