01-06-2016 12:31 AM - edited 03-12-2019 12:06 AM
I want to test connectivity on UDP port 500 on the other side.
How could I check whether UDP port 500 is up or not?
What command is used on a Cisco router and ASA?
01-06-2016 03:04 AM
You can use packet-tracer on the ASA and check the logs on the router.
packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port
Example for ASA: packet-tracer input (interface name) tcp 10.1.1.1 5067 10.4.1.1 23
01-06-2016 03:47 AM
Basically, I am establishing a tunnel between a router and a firewall.
On the firewall, ICMP is disabled by default.
I want to check end-to-end connectivity.
How can I check that?
The firewall is not under my administration.
I only have access to the router.
01-06-2016 05:50 AM
Hi,
You can't use telnet to test UDP. Telnet is used for testing TCP ports only.
You can issue show crypto ipsec sa if it's a Cisco router.
See this helpful link:
http://ccnpsecuritywannabe.blogspot.com/2014/08/ikev1-ipsec-site-to-site-vpn.html
871W#show crypto ipsec sa
interface: BVI1
Crypto map tag: 871_IKEv1_CMAP, local addr 192.168.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.1.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (192.168.1.2/255.255.255.255/0/0)
current_peer 192.168.1.2 port 500
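
An added example (not part of the reply above, and not Cisco code) of why a telnet-style connect test does not carry over to UDP: with no handshake, one datagram can only end in a reply, an ICMP port-unreachable, or silence, and silence looks the same whether the port is filtered or the service simply ignored the payload. The function names and the loopback listeners are constructed for the demonstration.

```python
import socket
import threading

def probe_udp(host, port, payload=b"probe", timeout=0.5):
    """Send one datagram and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))       # connected socket: ICMP errors reach recv()
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"            # something is listening and answered
        except ConnectionRefusedError:
            return "closed"           # ICMP port unreachable came back
        except socket.timeout:
            return "no-response"      # filtered, or listening but silent

def start_listener(answer):
    """Constructed loopback UDP listener; returns (port, stop function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.1)
    port = srv.getsockname()[1]
    stop = threading.Event()
    def loop():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(2048)
            except socket.timeout:
                continue
            if answer:
                srv.sendto(data, peer)
        srv.close()
    t = threading.Thread(target=loop, daemon=True)
    t.start()
    return port, lambda: (stop.set(), t.join())

def demo():
    """Probe an echoing listener, a silent listener and an unused port."""
    echo_port, stop_echo = start_listener(answer=True)
    silent_port, stop_silent = start_listener(answer=False)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        closed_port = tmp.getsockname()[1]   # free again once tmp closes
    ports = {"echo": echo_port, "silent": silent_port, "closed": closed_port}
    try:
        return {name: probe_udp("127.0.0.1", p) for name, p in ports.items()}
    finally:
        stop_echo(), stop_silent()

if __name__ == "__main__":
    print(demo())
```

A "no-response" result is inconclusive by itself: a device that drops ICMP or ignores unrecognised datagrams on a port produces the same silence as a filtered path.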
01-06-2016 10:19 AM
Hi, thanks for the reply.
I know the steps for establishing a tunnel between two points.
But before establishing the tunnel, we usually check end-to-end connectivity.
As you shared a link,
consider that I am configuring a site-to-site VPN on the router,
and the ASA is the other end of the tunnel; they shared the required parameters with me (and they have opened UDP ports 500 and 4500).
But before configuring all the policies, we generally check connectivity, i.e. whether the other end is reachable or not.
How will you check if ICMP is disabled on the firewall?
01-07-2016 05:20 AM
Hi,
You can check the ACL and MPF configured on the ASA.